QOTD (20181210) - Can't figure out why this is the correct answer
Last Post: December 31, 2021:
-
I'm missing something obvious here because I picked EAP-TTLS. But the explanation seems a tad too terse. Could someone explain why PEAP is the correct answer?
CORRECT!
Only one EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication. What is this EAP type?
You must select 1 answer
EAP-MD5
LEAP
EAP-TTLS
> PEAP <
Exam level: CWSP
Explanation:
The following list shows EAP types that are more commonly used with wireless networks:
EAP-TLS – client and server certificates required
TTLS (EAP-MSCHAP-v2) – only server certificates required
PEAPv0 (EAP-MSCHAP-v2) – only server certificates required
PEAPv0 (EAP-TLS) – client and server certificates required
PEAPv1 (EAP-GTC) – used with token card and directory-based authentication systems and only server certificates required
EAP-SIM – EAP for GSM Subscriber Identity Module – mobile communicators
EAP-AKA – for use with the UMTS Subscriber Identity Module – mobile communications
-
I could be mistaken, but I believe the key point is the support of EAP-GTC.
EAP-GTC by nature is encapsulated in the PEAP TLS tunnel. It cannot be used inside the EAP-TTLS tunnel, which only supports PAP, CHAP, or MSCHAPv2.
Also note that EAP-MSCHAPv2 and MSCHAPv2 (without the EAP prefix) aren't technically the same thing. Unfortunately a pretty confusing naming scheme.
The one with the EAP prefix indicates that it's still using the MSCHAPv2 authentication protocol but uses EAP identity messages to handle the authentication. Here is a good explanation of that process:
-
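Added example, not written by any poster in this thread: the outer EAP type (PEAP, EAP-TTLS) is the only method identifier sent in cleartext, while the inner method (EAP-MSCHAPv2, EAP-GTC) travels inside the TLS tunnel, so a capture can confirm which outer type was negotiated but not what runs inside it. This Python sketch decodes the cleartext EAP header using the RFC 3748 layout and IANA type numbers; the sample frames and the function names are constructed for illustration.

```python
import struct

# EAP Code field (RFC 3748) and IANA-assigned EAP method Type numbers.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {
    1: "Identity", 3: "Nak", 4: "EAP-MD5", 6: "EAP-GTC", 13: "EAP-TLS",
    17: "LEAP", 18: "EAP-SIM", 21: "EAP-TTLS", 23: "EAP-AKA",
    25: "PEAP", 26: "EAP-MSCHAPv2",
}
TUNNELING = {21, 25}  # outer types whose inner authentication runs inside TLS


def type_name(t: int) -> str:
    return EAP_TYPES.get(t, f"type-{t}")


def parse_eap(packet: bytes) -> dict:
    """Decode the cleartext EAP header: Code, Identifier, Length, Type."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the captured bytes")
    info = {"code": EAP_CODES.get(code, f"code-{code}"), "id": ident,
            "method": None, "tunneled": False, "nak_offers": []}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = packet[4]
        info["method"] = type_name(eap_type)
        info["tunneled"] = eap_type in TUNNELING
        if code == 2 and eap_type == 3:  # Nak lists the types the peer accepts
            info["nak_offers"] = [type_name(t) for t in packet[5:length]]
    return info


# Constructed, abbreviated exchange: server proposes EAP-TTLS, client Naks and
# asks for PEAP, server restarts with PEAP, and the exchange ends with Success.
SAMPLE = ["010100061520", "020100060319", "010200061920", "03020004"]


def summarize(frames=SAMPLE):
    return [parse_eap(bytes.fromhex(f)) for f in frames]


if __name__ == "__main__":
    for row in summarize():
        print(row)
```

Types 26 (EAP-MSCHAPv2) and 6 (EAP-GTC) never appear in the decoded output of a PEAP session, because they are exchanged only after the tunnel is up.
-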
jcat009,
I've not had time to read and cogitate on this yet, but thank you for your efforts. The subtlety about this problem makes for the best kind of teaching because the problem really stumped me and that told me I still hadn't mastered the topic.
And thanks especially for the link which was a great refresher. Are there similar links on the Aruba website for other EAP ladder diagrams?
--User Hostile
-
Just a note from a historical perspective, having nothing to do with your question (sigh).
The "ladder diagrams" referred to are just an alternative way of presenting a state diagram, or state machine - similar to those you'll find in other places, including IEEE standards.
As far as I know, IBM was the first to push this format. They produced many books of such diagrams, including those describing 3270 Bi-Sync and IBM 360 channel communication, which is where I got my first exposure to them in the 1970's.
From my perspective, this format has several advantages over the typical circle-and-arc type diagrams:
1. processes performed in a time, or step sequence, are usually much easier to grasp
2. the sequencing of events is usually easier to follow
3. contrary to circle-and-arc State Diagrams (SDM's), which can become extremely complex, and cover large sheets of paper, this format can continue in a decent sized font from page-to-page, without becoming microscopic
4. it's less of a problem today, but it's also easier to typeset
I'm a big proponent of SDM's, and couldn't pass up this opportunity to add my 2 cents. (I had actually started writing a book on them in the 80's).
PS: Poorly designed SDM's, incomplete, or poorly annotated ones, can be worse than nothing at all.
Cheers
-
Ah yes, state diagrams. My introduction was via William I. Fletcher "An Engineering Approach to Digital Design" in college. Verbose like no other textbook I've ever had, it still provided the best presentation of basic digital design I've ever used (I just bought my 3rd copy). It's a great book for refreshing my knowledge as I only engage in digital design very rarely anymore...
The only application of ladder logic I've ever seen is on PLCs. I never heard of this approach before till I started working as a temp in the nuclear industry about 5 years ago. Definitely a more friendly approach for folks who would consider state diagrams too abstract.