Configuring the EAP Methods for WiMAX
The following EAP authentication protocols can be used for WiMAX sessions:
- EAP-TLS (Transport Layer Security) protocol
- EAP-TTLS (Tunneled Transport Layer Security) protocol
- EAP-AKA (Authentication and Key Agreement) protocol
NOTE: The EAP-AKA protocol requires a license for the optional SIM authentication module.
For WiMAX, the only specific setting these EAP authentication protocols require is that the Return MPPE Keys check box be disabled. Beyond that, no special parameters are needed to use these authentication methods for WiMAX sessions.
For the EAP-TLS and EAP-TTLS protocols, follow the procedures described in Chapter 15, Setting Up EAP Methods. For the EAP-AKA protocol, follow the procedures described in Chapter 25, SIM Authentication Module in this guide and Optional Authentication Module Configuration Files in the Steel-Belted Radius Carrier 7.2 Reference Guide.
EAP-TTLS Secondary Authentication Support
For WiMAX applications using EAP-TTLS, you can perform a secondary authentication that verifies the MAC address field in the client certificate against the Calling-Station-Id in the outer Access-Request. If they do not match, the request is rejected. Enable this check by setting the Check-CN-In-TTLS-Client-Certificate parameter in the wimax.ini file. For more information, see Chapter 25, WiMAX Mobility Module Configuration File in the Steel-Belted Radius Carrier 7.2 Reference Guide.
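The comparison described above can be sketched as follows. This is an added illustration, not Steel-Belted Radius Carrier code. It assumes the certificate's CN holds only the MAC address, that both values arrive as text, and that separator and case differences should not cause a mismatch; all function names are hypothetical.

```python
import hmac
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address.
    Assumption: '-', ':', '.' and spaces are separators and may be dropped."""
    if value is None:
        return None
    stripped = re.sub(r"[-:. ]", "", value.strip()).lower()
    return stripped if _HEX12.match(stripped) else None

def subject_cn(subject_dn):
    """Extract the CN value from a comma-separated subject DN string.
    Handles simple RDNs only (no escaped commas or multi-valued RDNs)."""
    for rdn in subject_dn.split(","):
        key, _, val = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return val.strip()
    return None

def check_cn_against_calling_station(subject_dn, calling_station_id):
    """Return (accept, reason). Any parse failure rejects, so a malformed
    or missing value can never be treated as a match."""
    cert_mac = normalize_mac(subject_cn(subject_dn))
    if cert_mac is None:
        return False, "certificate CN is not a MAC address"
    radius_mac = normalize_mac(calling_station_id)
    if radius_mac is None:
        return False, "Calling-Station-Id is not a MAC address"
    if not hmac.compare_digest(cert_mac, radius_mac):
        return False, "MAC mismatch"
    return True, "match"

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    samples = [
        ("CN=00:1A:2B:3C:4D:5E, O=Example Device Maker", "00-1a-2b-3c-4d-5e"),
        ("CN=00:1A:2B:3C:4D:5E, O=Example Device Maker", "00-1A-2B-3C-4D-5F"),
        ("O=Example Device Maker", "001A2B3C4D5E"),
    ]
    for dn, csid in samples:
        accept, reason = check_cn_against_calling_station(dn, csid)
        print("Access-Accept" if accept else "Access-Reject", "-", reason)
```

Rejecting on any value that does not parse as a MAC address keeps the check fail-closed: an empty CN and an empty Calling-Station-Id must not compare as equal.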