Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module Guía De Información
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 4 of 5
EAP TYPE COMPARISONS
Q.
What is the difference between the Microsoft PEAP supplicant and the Cisco PEAP supplicant?
A.
Both supplicants support PEAP, but each supports different methods of client authentication through the TLS tunnel. The Microsoft PEAP
supplicant supports client authentication by only MS-CHAP Version 2, which limits user databases to those that support MS-CHAP Version 2, such
as Windows NT Domains and Active Directory. The Cisco PEAP supplicant supports client authentication by OTPs and logon passwords, enabling
support for OTP databases from vendors (such as RSA Security and Secure Computing Corporation) and logon password databases (such as LDAP
and Novell NDS) as well as Microsoft databases. In addition, the Cisco PEAP client includes the ability to hide user name identities until the TLS
encrypted tunnel is established. This provides additional confidentiality that user names are not being broadcast during the authentication phase.
Q.
What are the differences between PEAP,
EAP-Flexible Authentication via Secure Tunneling
(FAST),
Cisco LEAP
, and EAP-TLS?
A.
Table 1 provides a summary comparison of PEAP, EAP-FAST, Cisco LEAP, and EAP-TLS.
Table 1.
PEAP, EAP-FAST, Cisco LEAP and EAP-TLS Comparison Chart
PEAP with Generic
Token Card (GTC)
PEAP with Microsoft
Challenge
Authentication
Protocol (MS-CHAP)
Version 2
EAP-FAST
Cisco LEAP
EAP-TLS
User Authentication
Database and
Server
OTP, LDAP, Novell
NDS, Windows NT
Domains, Active
Directory
Windows NT
Domains, Active
Directory
Windows NT
Domains, Active
Directory, LDAP
(limited)
Windows NT
Domains, Active
Directory
OTP, LDAP, Novell
NDS, Windows NT
Domains, Active
Directory
Requires Server
Certificates
Yes
Yes
No
No
Yes
Requires Client
Certificates
No
No
No
No
Yes
Operating System
Support
Driver: Windows XP,
Windows 2000,
Windows CE*
With third-party utility:
Other OS**
Driver: Windows XP,
Windows 2000,
Windows CE
With third-party utility:
Other OS**
Driver: Windows XP,
Windows 2000,
Windows CE***
With third-party utility:
Other OS**
Driver: Windows 98,
Windows 2000,
Windows NT,
Windows Me,
Windows XP, Mac
OS, Linux, Windows
CE, DOS
Driver: Windows XP,
Windows 2000,
Windows CE
With third-party utility:
Other OS
Application-Specific
Device (ASD)
Support
No
No
Yes
Yes
No
Credentials used
Client: Windows,
Novell NDS, LDAP
password; OTP or
token
Server: Digital
certificate
Windows password
Windows password,
LDAP user
ID/password (manual
provisioning required
for Pac provisioning)
Windows
password****
Digital certificate
Single Sign-On
Using Windows
Login
No
Yes
Yes
Yes
Yes