3com WX1200 Notas De La Versión
2
W
IRELESS
LAN S
WITCH
AND
C
ONTROLLER
MSS V
ERSION
3.0 R
ELEASE
N
OTES
use. Working out client and AAA configuration meth-
ods first provides valuable information as you scale
the deployment.
ods first provides valuable information as you scale
the deployment.
The selection of client and AAA server software will
depend heavily on the requirements of your deploy-
ment. First, decide which EAP Protocol you will be
using as that will restrict the available clients and serv-
ers. Each protocol has different advantages and disad-
vantages, which you will need to consider in your
deployment. For most enterprise deployments, 3Com
recommends using PEAP-MS-CHAP-V2 as the 802.1X
protocol. The following table compares the EAP pro-
tocols.
depend heavily on the requirements of your deploy-
ment. First, decide which EAP Protocol you will be
using as that will restrict the available clients and serv-
ers. Each protocol has different advantages and disad-
vantages, which you will need to consider in your
deployment. For most enterprise deployments, 3Com
recommends using PEAP-MS-CHAP-V2 as the 802.1X
protocol. The following table compares the EAP pro-
tocols.
When testing and evaluating MSS, enterprises using
primarily Microsoft platforms are recommended to
use Windows XP clients running PEAP-MS-CHAP-V2
with a Windows 2000 or 2003 server running Inter-
net Authentication Service (IAS) as the RADIUS back
end. This provides a test environment that is quick to
set up and does not require additional third-party
software.
primarily Microsoft platforms are recommended to
use Windows XP clients running PEAP-MS-CHAP-V2
with a Windows 2000 or 2003 server running Inter-
net Authentication Service (IAS) as the RADIUS back
end. This provides a test environment that is quick to
set up and does not require additional third-party
software.
Wireless NICs
Most wireless NICs available now support 802.1X
authentication. The table below lists the NICs that
have been used successfully with MSS. The majority
were tested using recently available drivers using the
Microsoft native 802.1X client and a Microsoft IAS
RADIUS server. 3Com has not experienced any com-
patibility problems with NICs being unable to support
authentication. The table below lists the NICs that
have been used successfully with MSS. The majority
were tested using recently available drivers using the
Microsoft native 802.1X client and a Microsoft IAS
RADIUS server. 3Com has not experienced any com-
patibility problems with NICs being unable to support
Protocol
Advantages
Disadvantages
PEAP-MS-CHAP-V2
■
Does not require
client certificates
client certificates
■
Compatible with
MSS EAP offload
MSS EAP offload
■
Native support in
Microsoft Windows
XP and 2000
Microsoft Windows
XP and 2000
■
Broad support in
802.1X clients
802.1X clients
■
Username/pass-
word-based access
might not be as
strong as certifi-
cate-based access
word-based access
might not be as
strong as certifi-
cate-based access
EAP-TTLS
■
Does not require
client certificates
client certificates
■
Broadest compatibil-
ity with user directo-
ries
ity with user directo-
ries
■
Requires third-party
802.1X client soft-
ware
802.1X client soft-
ware
■
Username/pass-
word-based access
might not be as
strong as certifi-
cate-based access
word-based access
might not be as
strong as certifi-
cate-based access
EAP-TLS
■
Strongest authenti-
cation using X.509
certificates.
cation using X.509
certificates.
■
Native support in
Windows XP and
2000
Windows XP and
2000
■
Broad supported in
all 802.1X clients
all 802.1X clients
■
Client-side certifi-
cates require full PKI
infrastructure and
management over-
head
cates require full PKI
infrastructure and
management over-
head
PEAP-TLS
■
Strongest authenti-
cation using X.509
certificates.
cation using X.509
certificates.
■
Native support in
Windows XP and
2000
Windows XP and
2000
■
Broad supported in
all 802.1X clients
all 802.1X clients
■
Client-side certifi-
cates require full PKI
infrastructure and
management over-
head
cates require full PKI
infrastructure and
management over-
head
■
Minimal advantage
over EAP-TLS
over EAP-TLS
Protocol
Advantages
Disadvantages