EAP Flexible Authentication via Secure Tunneling

EAP Flexible Authentication via Secure Tunneling (EAP-FAST) was developed by Cisco and is available in an IETF informational draft. Cisco developed EAP-FAST to support customers that require strong password policy enforcement but do not want to deploy digital certificates. EAP-FAST provides protection against a variety of network attacks, including man-in-the-middle, replay, and dictionary attacks.

EAP-FAST uses symmetric key algorithms to achieve a tunneled authentication process. The tunnel establishment relies on a Protected Access Credential (PAC) that can be provisioned and managed dynamically by EAP-FAST through the authentication server, such as the Cisco Secure Access Control Server.

Figure 17-8 shows the EAP-FAST authentication process.

0 0

Post a comment