Extended Access Protocols (EAPs) are part of the connection process for Wi-Fi networks that employ 802.1x. Their function is to securely transmit your login
credentials to the network's login server. Once the network has verified that you are a valid user, 802.1x is free to retrieve the encryption key from the network.
802.1x and EAP methods are employed by the following data encryption strategies:
● The Enterprise versions of WPA or WPA2.
● WEP Open uses 802.1x if a Network authentication protocol (EAP method) is specified.

EAP Type    Inner EAP Type
EAP-LEAP    None
EAP-FAST    GTC, MSCHAPv2
EAP-PEAP    MD5, GTC, MSCHAPv2
EAP-TTLS    PAP, CHAP, MSCHAP, MSCHAPv2, MD5, GTC
EAP-TLS     None

Contact your organization's system administrator for details on configuring an advanced Wi-Fi connection.
Support for 802.1x and EAP methods is available only in the Enterprise version of VZAccess Manager.
LEAP Configuration
LEAP (Lightweight Extensible Authentication Protocol) is an authentication protocol developed by Cisco. Its function is to secure your user name and password information by creating an encrypted tunnel between VZAccess Manager and the Wi-Fi network's login server.
When you select LEAP as the Network authentication protocol (EAP type), you can configure the properties listed below.
● User name — Your user name for this Wi-Fi network.
● Password — Your password for this Wi-Fi network.
FAST Configuration
by creating an encrypted tunnel between VZAccess Manager and the Wi-Fi network's login server.
When you select FAST as the Network authentication protocol (EAP type), you can configure the properties listed below.
● Inner Authentication — Specify the preferred protocol for phase two of FAST authentication. The options for FAST are:
    ● GTC
    ● MSCHAPv2
  Ask the administrator of the network you are trying to access which option is preferred.
● User name — Your user name for this Wi-Fi network.
● Password — Your password for this Wi-Fi network.
● Use anonymous for phase 1 — When this box is checked, VZAccess Manager will send the text entered in the Anonymous string box in place of your real user name whenever the user name must be sent in an unencrypted format. This provides an added level of protection for your user name. It is strongly recommended that this option be enabled whenever it is allowed by the administrator of the network you are connecting to.
● Verify server certificate — When this box is checked, VZAccess Manager will require that the login server provide certification from a trusted authority before it sends its own authentication credentials.
PEAP Configuration
PEAP (Protected Extensible Authentication Protocol) is an authentication protocol developed by Microsoft, Cisco, and RSA Security. Its function is to securely transmit your login credentials to the Wi-Fi network's login server.
When you select PEAP as the Network authentication protocol (EAP type), you can configure the properties listed below.
● Inner Authentication — Specify the preferred protocol for phase two of PEAP authentication. The options for PEAP are:
    ● MD5
    ● GTC
    ● MSCHAPv2
  Ask the administrator of the network you are trying to access which option is preferred.
● User name — Your user name for this Wi-Fi network.
● Password — Your password for this Wi-Fi network.
● Use anonymous for phase 1 — When this box is checked, VZAccess Manager will send the text entered in the Anonymous string box in place of your real user name whenever the user name must be sent in an unencrypted format. This provides an added level of protection for your user name. It is strongly recommended that this option be enabled whenever it is allowed by the administrator of the network you are connecting to.
● Verify server certificate — When this box is checked, VZAccess Manager will require that the login server provide certification from a trusted authority before it sends its own authentication credentials.
TTLS Configuration
TTLS (Tunneled Transport Level Security) is an authentication protocol developed by Funk Software and Certicom. Its function is to securely transmit your login credentials to the Wi-Fi network's login server.
When you select TTLS as the Network authentication protocol (EAP type), you can configure the properties listed below.
● Inner Authentication — Specify the preferred protocol for phase two of TTLS authentication. The options for TTLS are:
    ● PAP
  Ask the administrator of the network you are trying to access which option is preferred.
● User name — Your user name for this Wi-Fi network.
● Password — Your password for this Wi-Fi network.
● Use anonymous for phase 1 — When this box is checked, VZAccess Manager will send the text entered in the Anonymous string box in place of your real user name whenever the user name must be sent in an unencrypted format. This provides an added level of protection for your user name. It is strongly recommended that this option be enabled whenever it is allowed by the administrator of the network you are connecting to.
● Verify server certificate — When this box is checked, VZAccess Manager will require that the login server provide certification from a trusted authority before it
TLS Configuration
TLS (Transport Layer Security) is an authentication protocol that was developed by the IETF (Internet Engineering Task Force) based on Netscape's SSL protocol. Its function is to allow secure login to a Wi-Fi network. To do this, TLS employs digital certificates on both the server and the client end, which facilitates mutual authentication and secure key exchange.
When you select TLS as the Network authentication protocol (EAP type), you can configure the properties listed below.
● Certificate — This contains a list of certificates that have already been installed on your computer. Select the certificate to be used for this network.
● User name — Your user name for this Wi-Fi network.
● Use anonymous for phase 1 — When this box is checked, VZAccess Manager will send the text entered in the Anonymous string box in place of your real user name whenever the user name must be sent in an unencrypted format. This provides an added level of protection for your user name. It is strongly recommended that this option be enabled whenever it is allowed by the administrator of the network you are connecting to.
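
The effect of the "Use anonymous for phase 1" option described in the sections above can be seen in the one EAP message that carries the identity before any tunnel exists. This is an added example, not VZAccess Manager code: it assumes the EAP-Response/Identity layout from RFC 3748, and the function names and sample values are hypothetical.

```python
import struct

EAP_RESPONSE = 2       # EAP Code field: Response (RFC 3748)
EAP_TYPE_IDENTITY = 1  # EAP Type field: Identity (RFC 3748)


def phase1_identity(user_name, use_anonymous, anonymous_string):
    """Return the identity string that is sent outside the tunnel in phase 1."""
    if use_anonymous:
        if not anonymous_string:
            raise ValueError("anonymous string must not be empty")
        return anonymous_string
    return user_name


def build_identity_response(identifier, identity):
    """Encode EAP-Response/Identity: Code, Identifier, Length, Type, Data."""
    data = identity.encode("utf-8")
    length = 5 + len(data)  # 4-byte header + 1-byte Type + identity bytes
    if not 0 <= identifier <= 255 or length > 0xFFFF:
        raise ValueError("identifier or identity out of range")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier, length, EAP_TYPE_IDENTITY)
    return header + data


def observe_identity(packet):
    """Parse the packet the way any passive listener on the link could."""
    if len(packet) < 5:
        raise ValueError("truncated EAP packet")
    code, _identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length < 5 or length > len(packet):
        raise ValueError("bad EAP length field")
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    return packet[5:length].decode("utf-8")


def seen_by_observer(user_name, use_anonymous, anonymous_string="anonymous"):
    """Identity exposed in phase 1 for the given option setting."""
    ident = phase1_identity(user_name, use_anonymous, anonymous_string)
    return observe_identity(build_identity_response(1, ident))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print("option off:", seen_by_observer("jdoe", False))
    print("option on: ", seen_by_observer("jdoe", True))
```

With the option off, the real user name appears verbatim in the unencrypted packet; with it on, only the Anonymous string does, and the real user name travels in phase two.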