Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Configuring the EAP Methods for WiMAX

The following EAP authentication protocols can be used for WiMAX sessions:

  • EAP-TLS (Transport Layer Security) protocol
  • EAP-TTLS (Tunneled Transport Layer Security) protocol
  • EAP-AKA (Authentication and Key Agreement) protocol

    Note: The EAP-AKA protocol requires a license for the optional SIM authentication module.

For WiMAX the only specific parameter that needs to be configured for these EAP authentication protocols is ensuring that the Return MPPE Keys check box is disabled. Other than disabling this option, you do not need to configure any other special parameters to use these authentication methods for WiMAX sessions. Follow the procedures described in Setting Up EAP Methods for the EAP-TLS and EAP-TTLS protocols. For the EAP-AKA protocol, follow the procedures described in Configuring the WiMAX Mobility Module in this guide and the section on Optional Authentication Module Configuration Files” in the SBR Carrier Reference Guide.

EAP-TTLS Secondary Authentication Support

For WiMAX applications using EAP-TTLS, you can perform a secondary authentication that verifies the MAC address field in the client certificate against the Calling-Station-Id in the outer Access-Request. If they do not match, the request is rejected. This checking is enabled by setting the Check-CN-In-TTLS-Client-Certificate parameter in the wimax.ini file. For more information, see the WiMAX Mobility Module Configuration File section in the SBR Carrier Reference Guide.

 

Modified: 2017-03-07