Supported Radius Methods - Cisco ASR 5000 series Product Overview

ASN Gateway Overview
EAP-identity response. It subsequently unpacks EAP messages over the R6 interface and transfers them via RADIUS or
Diameter signaling to the AAA server.
EAP authentication provides multiple authentication methods that can be tailored to the operator's preference toward
user-level, device-level, or user- and device-level network authorization. At the H-AAA server in Home Network
Service Provider (H-NSP), device-level authentication in a roaming application guards against unauthorized network
access by users with stolen access devices.

Supported RADIUS Methods

The ASN Gateway supports the following EAP authentication and authorization methods using RADIUS:
EAP-Pre-shared Key (EAP-PSK)
EAP-Transport Layer Security (EAP-TLS)
EAP-Tunneled Transport Layer Security (EAP-TTLS)
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-Pre-shared Key (EAP-PSK)
EAP-PSK is a symmetric mutual authentication method that uses manually provisioned pre-shared keys between an
EAP client on an access device and an EAP server component on AAA. The size of the pre-shared key can be up to 256
bytes.
EAP-Transport Layer Security (EAP-TLS)
EAP-TLS is an asymmetric authentication method that uses X.509 digital certificates, for example public/private key
pairs, and enables device-based authentication.
EAP-Tunneled Transport Layer Security (EAP-TTLS)
EAP-TTLS is a multi-level authentication scheme to enable device and user-based authentication. The first level
handshake provides device-level authentication and uses the same encryption and ciphering algorithms as EAP-TLS.
The secure connection established through the first level handshake is then extended with MS-CHAP-V2 authentication
to verify user credentials. As with other EAP methods, successful EAP transactions at AAA result in a Master Session
Key (MSK) that is returned over an encrypted connection. The ASN Gateway uses the key to generate a derivative key
for securing the air interface between ASN and user access device.
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-AKA uses symmetric cryptography based on pre-shared private client/server keys and challenge-response
mechanisms similar to other EAP methods. It verifies credentials for users of Removable User Identity Modules
(R-UIMs).
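
The following is an added example, not code from Cisco or from this document: a check that the EAP method carried in a relayed RADIUS packet is one of the four methods listed above. It assumes the EAP Type numbers from the IANA EAP registry (13, 21, 23, 47) and the RADIUS EAP-Message attribute (79, RFC 3579); the function names and the sample packets are constructed for illustration.

```python
import struct

# EAP Type numbers (IANA EAP registry) for the four methods this section lists.
LISTED_METHODS = {47: "EAP-PSK", 13: "EAP-TLS", 21: "EAP-TTLS", 23: "EAP-AKA"}
EAP_MESSAGE_ATTR = 79  # RADIUS EAP-Message attribute (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def extract_eap(radius_packet: bytes) -> bytes:
    """Concatenate the EAP-Message attributes of one RADIUS packet, in order."""
    length = int.from_bytes(radius_packet[2:4], "big")
    if not 20 <= length <= len(radius_packet):
        raise ValueError("RADIUS length field inconsistent with packet size")
    eap, pos = b"", 20  # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or radius_packet[pos + 1] < 2 \
                or pos + radius_packet[pos + 1] > length:
            raise ValueError("malformed RADIUS attribute")
        attr_type, attr_len = radius_packet[pos], radius_packet[pos + 1]
        if attr_type == EAP_MESSAGE_ATTR:
            eap += radius_packet[pos + 2:pos + attr_len]
        pos += attr_len
    return eap

def classify_eap(eap: bytes) -> tuple:
    """Return (EAP code name, method label or None, acceptable flag)."""
    length = int.from_bytes(eap[2:4], "big")
    if not 4 <= length <= len(eap):
        raise ValueError("EAP length field inconsistent with payload")
    code = eap[0]
    if code not in (1, 2):  # Success/Failure carry no Type field
        return EAP_CODES.get(code, f"code {code}"), None, True
    if length < 5:
        raise ValueError("Request/Response without a Type field")
    eap_type = eap[4]
    if eap_type in (1, 3):  # Identity and Nak are negotiation, not methods
        return EAP_CODES[code], {1: "Identity", 3: "Nak"}[eap_type], True
    name = LISTED_METHODS.get(eap_type)
    return EAP_CODES[code], name or f"type {eap_type}", name is not None

def build_sample(eap: bytes) -> bytes:
    """Constructed Access-Request (code 1, zeroed authenticator) for the demo."""
    chunks = (eap[i:i + 253] for i in range(0, len(eap), 253))
    attrs = b"".join(bytes([EAP_MESSAGE_ATTR, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for t in (21, 4):  # EAP-TTLS (listed) and MD5-Challenge (not listed)
        eap = struct.pack("!BBHB", 2, 1, 6, t) + b"\x00"
        print(classify_eap(extract_eap(build_sample(eap))))
```

An EAP packet larger than 253 bytes spans several EAP-Message attributes, so the method type is only reliable after reassembly, which is why extract_eap runs before classify_eap.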
OL-22938-02
Supported Features
Cisco ASR 5000 Series Product Overview