Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module 信息指南
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 7
Q&A
Extensible Authentication Protocol—
Flexible Authentication via Secure Tunneling
Flexible Authentication via Secure Tunneling
This document answers questions about Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling
(EAP-FAST), an EAP type from Cisco Systems
®
.
OVERVIEW
Q.
What is EAP-FAST?
A.
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) is a publicly accessible IEEE 802.1X EAP type
developed by Cisco Systems
®
. It is available as an IETF informational draft.
Q.
When did Cisco
®
submit EAP-FAST to the IETF?
A.
Cisco submitted the EAP-FAST IETF informational draft on February 8, 2004. It was posted on February 10, 2004. Learn more about IETF or
read the informational draft by visiting:
http://ietf.org/home.html
Q.
Why did Cisco develop EAP-FAST?
A.
Cisco developed EAP-FAST to support customers who cannot enforce a strong password policy and wish to deploy an 802.1X EAP type that
does not require digital certificates, supports a variety of user and password database types, supports password expiration and change, and is flexible,
easy to deploy, and easy to manage. For example, a customer using Cisco LEAP who cannot enforce a strong password policy and does not want to
use certificates can migrate to EAP-FAST for protection from dictionary attacks.
Q.
Does EAP-FAST provide protection from network attacks?
A.
Yes. EAP-FAST provides protection from a variety of network attacks, including man-in-the-middle, authentication forging, weak IV attack
(AirSnort), packet forgery (replay attack), and dictionary attacks.
Q.
What customers will deploy EAP-FAST?
A.
If an organization is using standards-based wireless LAN (WLAN) security such as Wi-Fi Protected Access (WPA or WPA2), which includes
IEEE 802.1X for authentication, and the organization cannot implement strong password policies and does not want to rely on an 802.1X EAP type
that requires digital certificates, that organization may choose to deploy EAP-FAST.
Q.
Is EAP-FAST standards-based and standards-compliant?
A.
EAP-FAST is compliant with IEEE 802.1X and IEEE 802.11i.
Q.
Is Cisco EAP-FAST supported by the Cisco Unified Wireless Network?
A.
Yes. The
Cisco Unified Wireless Network
supports a variety of Extensible Authentication Protocol (EAP) authentication types, including
EAP-FAST. Like all EAP types, EAP-FAST can be used with WPA and WPA2 networks.
Q.
What is the Cisco Unified Wireless Network?
A.
The Cisco Unified Wireless Network is the industry’s only unified wired and wireless solution to cost-effectively address the WLAN security,
deployment, management, and control issues facing enterprises. This powerful solution combines the best elements of wireless and wired
networking to deliver scalable, manageable, and secure WLANs with a low total cost of ownership. It includes innovative RF capabilities that enable
real-time access to core business applications and provides proven enterprise-class secure connectivity. The Cisco Unified Wireless Network delivers