EAP Protocols Supported • RSA RADIUS Server: — Plain: PAP, EAP-GTC, EAP-SecurID, EAP-POTP — PEAP Tunneled: EAP-GTC, EAP-SecurID, EAP-POTP No PAP — TTLS Tunneled: PAP, EAP-GTC, EAP-SecurID, EAP-POTP • RRAS/IAS Service Plugin: — Plain: EAP-SecurID, EAP-POTP — PEAP Tunneled: EAP-SecurID, EAP-POTP — No PAP, GTC, TTLS EAP Access in RSA SecurID; Wireless, RSA RADIUS, Third party Clients In V6.1 we add the Funk developed RADIUS server (SBR) as part of the package. The EAP server component will use the same SecurID API as our EAP server. Funk supports Microsoft PEAPv0 and Cisco PEAPv1, as well as their own tunnel technology called TTLS which only requires a server certificate and a client secret. RSA RADIUS Server also supports PAP/Token Card and EAP-GTC inner methods EAP Access in RSA SecurID; 802.11 Wireless, MS IAS Server EAP is the authentication protocol specified by 802.1x authentication 802.1x used for 802.11 wireless but also for authentication for wired connections too where the access point could be an Ethernet hub Diagram shows Protected EAP (PEAP) establishes a tunnel from client to server PEAP uses TLS/SSL technology to authenticate, and establish a security association for encryption PEAP requires certificates be installed on the client and the server, but the testing of the server certificate is optional