Cisco CCNA Study Guide - Router Alley

More documents

Recommendations

Info

CCNA Study Guide v2.62 – Aaron Balchunas 134 EAP with Flexible Authentication via Secure Tunneling (EAP-FAST) EAP-FAST was also developed by Cisco as an alternative to LEAP, and was standardized by the IETF. Like LEAP, it utilizes a username/password for authentication via a RADIUS server, and does not require the use of certificates. Unlike LEAP, EAP-FAST is not vulnerable to dictionary attacks, as it establishes a secure tunnel between the supplicant and authentication server. EAP-FAST is supported by most versions of Windows, and supports Windows single sign-on in Active Directory/Domain environments. EAP-FAST authentication is a three-phase process: • Phase 0 (optional) – the supplicant is assigned a Protected Access Credential (PAC), on a per-user basis. This phase is optional because the PAC can be manually configured on the supplicant. • Phase 1 – the supplicant and authentication server establish a secure tunnel using the PAC. • Phase 2 – the supplicant sends its username/password credentials to the authentication server, via the secure tunnel. (Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5861/prod_qas09186a00802030dc_ps430_Products_Q_and_A_Item.html; CCNP ONT Exam Certification Guide, Amir Ranjbar. Pages 264-266) EAP with Transport Layer Security (EAP-TLS) EAP with Transport Layer Security (EAP-TLS) is an IETF standard protocol, and was the first EAP authentication method used with 802.11 wireless networks. EAP-TLS utilizes Public Key Infrastructure (PKI) to authenticate supplicants using certificates. Both the supplicant and the authentication server must be assigned a certificate from a Certificate Authority (CA) server. Because of this, EAP-TLS is considered extremely secure, though the complexity of client-side certificates makes it somewhat unpopular. EAP-TLS is natively supported on most versions of Windows (2000 and newer). (Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml; CCNP ONT Exam Certification Guide, Amir Ranjbar. Pages 266-267) * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
CCNA Study Guide v2.62 – Aaron Balchunas 135 Protected EAP (PEAP) Protected EAP (PEAP) was developed jointly by Cisco, Microsoft, and RSA Security, and was submitted to the IETF for standardization. PEAP utilizes TLS to create a secure tunnel between the supplicant and authentication server. The key difference between PEAP and EAP-TLS is that only the authentication server requires a PKI certificate – no certificate is required on the supplicant. PEAP authentication is a two-phase process: 1. The supplicant authenticates the authentication server by verifying the server-side PKI certificate. If successful, the supplicant and authentication server form the TLS tunnel. 2. The supplicant sends its username/password credentials to the authentication server, via the secure tunnel. This is accomplished using either EAP-MSCHAPv2 (for Windows-based authentication servers) or EAP-GTC (Generic Token Card, for LDAP-based authentication servers). As with the other EAP-methods, a Success message is generated if the supplicant and authentication server have successfully authenticated each other, which informs the authenticator that the supplicant can pass traffic. (Reference: http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml; CCNP ONT Exam Certification Guide, Amir Ranjbar. Pages 267-269) * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
Page 1 and 2:
CCNA Study Guide v2.62 - Aaron Balc
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85: CCNA Study Guide v2.62 - Aaron Balc
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304:
show all

Cisco CCNA Study Guide - Router Alley

Create successful ePaper yourself

Delete template?

Save as template?