10-28-2002 05:11 AM - edited 07-04-2021 11:29 PM
I've read that with the ACS 3.1 the only eap-type supported with PEAP is GTC.
Why it is not possible to use EAP-MD5 or EAP-TLS with PEAP? These EAP-type were already supported in ACS 3.0...
Thanks for your time.
11-01-2002 07:32 AM
As per my knowledge,Peap uses TLS protocol also to authenticate.
PEAP works in the following way:PEAP operates in two steps. The first step is the server authentication and second one is user authentication using a new EAP type .
PEAP uses TLS to authenticate the network infrastructure through the TLS Handshake protocol, to protect user credentials in transit by means of the TLS Record Protocol, and to generate cryptographic keying material using the TLS-defined pseudo-random function (PRF) functionality.
For information on this you can follow the URLs,
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/prodlit/acsq_qp.htm
11-04-2002 03:07 AM
Ok for the first step. But I can't understand why isn't possibile to use EAP-MD5 in the second step.
If EAP-MD5 was already supported by ACS 3.0 why it doesn't appear as an EAP-type for PEAP?
Are there any limitations on the EAP-Type I use in the second step?
Thanks.
11-08-2002 05:47 PM
Basically, EAP-MD5 and PEAP are totally different in the backend. PEAP uses server-side certificate to authenticate the server, after which uses user's login name and password for authentication of the client.
EAP-MD5 only authenticate the client without the server authentication part.
11-10-2002 11:25 PM
Sorry, probably I wasn't clear.
My question is: why can't I use EAP-MD5 INSIDE PEAP?
By "inside" I mean in the second phase, after the server authentication.
I've understood that PEAP is composed by two phases:
1-server authentication (by certificate)
2-any EAP-Type for client authentication
Why "any EAP-Type" can't be EAP-MD5?
I hope to be clear.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: