Your enterprise customer is considering adding a VoWLAN service to their existing wireless
deployment. The VoWLAN wireless phones have limited power and processing capabilities. The
IT manager insists that, while the authentication protocol must preserve battery and processing
power, it must also be secure. Assume that the wireless phones and AAA infrastructure support all
the EAP methods listed within the options. Which one of the below 802.1X EAP authentication
protocols would you recommend to your customer?
A.
EAP-FAST
B.
EAP-TLS
C.
EAP-TTLS
D.
LEAP
EAP-FAST, if available, is the recommended EAP type for use of VoWLAN deployments. For more information about EAP-FAST, refer to EAP-FAST.
EAP-FAST
The recommended replacement for LEAP is EAP-Flexible Authentication via Secure Tunneling (EAP-FAST). The EAP-FAST protocol was specifically design to take into account the limited processing power of application specific devices (ASDs) such as VoWLAN handsets. It is designed to provide the same tunneling protection as a tunneled authentication protocol such as PEAP, without requiring the Public Key Infrastructure (PKI) overhead associated with setting up the TLS tunnel used in PEAP. As a tunneled protocol EAP-FAST is capable of supporting multiple inner authentication mechanism such as MSCHAPv2 or GTC, the supported inner authentication mechanism depends upon the client implementation.
——
Voice over Wireless LAN 4.1 Design Guide