The EAP-Tunneled Transport Layer Security (EAP-TTLS) protocol, specified in RFC 5281, is an extension of the EAP-TLS mechanism: it reuses the EAP-TLS handshake to authenticate the server and set up an encrypted tunnel, then runs a second, inner authentication of the peer inside that tunnel.

EAP-TTLS differs from EAP-TLS in that it does away with the EAP-TLS requirement for a supplicant-side certificate. Only the authentication server requires a digital certificate; a client certificate is optional.

The authentication server is authenticated using its digital certificate during the TLS handshake. An encrypted tunnel is then established between the peer (or supplicant) and the authentication server. The peer's authentication credentials, such as a digital certificate or a username and password, are passed to the authentication server over the established tunnel, encoded as attribute-value pairs (AVPs) that the server can relay to a back-end RADIUS server. Because the inner exchange is not itself an EAP conversation, the peer can use legacy methods such as Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP) and MS-CHAP v2, as well as another EAP method tunneled inside the first.
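As an added illustration, not part of the original text, the following Python builds the inner EAP-TTLS/PAP message that a supplicant sends through the tunnel and then parses it the way the authentication server does. The AVP framing (4-byte code, flag byte, 24-bit length, optional Vendor-ID, data padded to a 4-byte boundary) follows RFC 5281, and User-Name and User-Password reuse their RADIUS attribute codes; the credentials and vendor ID used are constructed sample values. The point it makes visible is that inside the tunnel the password is a NUL-padded cleartext AVP: its secrecy rests entirely on the tunnel having been established with the genuine server.

```python
import struct
from typing import Optional

# AVP header per RFC 5281: Code(4) | Flags(1) | Length(3) [| Vendor-ID(4)] | Data.
# Length covers header and data but not the zero padding to a 4-byte boundary.
AVP_FLAG_VENDOR = 0x80      # V bit: a Vendor-ID field follows the length
AVP_FLAG_MANDATORY = 0x40   # M bit: receiver must reject the message if it cannot handle the AVP

# RADIUS attribute codes (RFC 2865) reused as AVP codes for EAP-TTLS/PAP.
USER_NAME = 1
USER_PASSWORD = 2


def encode_avp(code: int, data: bytes, mandatory: bool = True,
               vendor_id: Optional[int] = None) -> bytes:
    """Serialise one AVP, including the trailing padding to a 4-byte boundary."""
    flags = AVP_FLAG_MANDATORY if mandatory else 0
    body = data
    if vendor_id is not None:
        flags |= AVP_FLAG_VENDOR
        body = struct.pack("!I", vendor_id) + data
    length = 8 + len(body)
    header = struct.pack("!II", code, (flags << 24) | length)
    return header + body + b"\x00" * ((-length) % 4)


def decode_avps(buf: bytes) -> list:
    """Parse a sequence of AVPs as the TTLS server does; rejects truncated or inconsistent lengths."""
    avps = []
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        if length < 8 or off + length > len(buf):
            raise ValueError("bad AVP length")
        pos = off + 8
        vendor_id = None
        if flags & AVP_FLAG_VENDOR:
            if length < 12:
                raise ValueError("vendor AVP too short")
            vendor_id = struct.unpack_from("!I", buf, pos)[0]
            pos += 4
        avps.append({
            "code": code,
            "mandatory": bool(flags & AVP_FLAG_MANDATORY),
            "vendor_id": vendor_id,
            "data": buf[pos:off + length],
        })
        off += length + ((-length) % 4)   # skip the padding too
    return avps


def pap_inner_request(username: str, password: str) -> bytes:
    """Inner EAP-TTLS/PAP message: User-Name plus User-Password, the latter NUL-padded to a
    16-byte multiple (the RADIUS User-Password convention carried over by RFC 5281).
    Nothing here obfuscates the password; only the outer TLS tunnel protects it."""
    pw = password.encode()
    pw += b"\x00" * ((-len(pw)) % 16)
    return encode_avp(USER_NAME, username.encode()) + encode_avp(USER_PASSWORD, pw)


def recover_pap_credentials(inner: bytes) -> tuple:
    """What any server that terminated the tunnel sees, genuine or rogue: the credentials in clear.
    (Trailing NULs are padding; a password that itself ends in NUL bytes would be ambiguous.)"""
    fields = {avp["code"]: avp["data"] for avp in decode_avps(inner)}
    return fields[USER_NAME].decode(), fields[USER_PASSWORD].rstrip(b"\x00").decode()


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    inner = pap_inner_request("alice", "hunter2")
    print(inner.hex())
    print(recover_pap_credentials(inner))
```

Run stand-alone it prints the 40-byte tunnel payload and the recovered pair; the password bytes are visible in the hex dump, which is exactly why the supplicant's server-certificate check cannot be optional.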

Having to manage certificates only on the server side makes EAP-TTLS much easier to deploy, because the wireless administrator does not have to create, distribute and renew digital certificates on every wireless client STA. The trade-off is that the inner credentials are only as safe as the tunnel: the supplicant must validate the server certificate against a trusted CA and check that it belongs to the expected server, because a client that skips this check will establish its tunnel with any rogue access point that presents a certificate and hand over a PAP password in the clear, or an MS-CHAP v2 exchange that can be attacked offline.
