What is the difference between Transparent 802.1X and Internal 802.1X authentication on the BSC?

Version 1

    Q: What is the difference between Transparent 802.1X and Internal 802.1X authentication on the BSC?

     

    A: Transparent 802.1X

    -Supports the following EAP types.

         -EAP-TLS

         -TTLS

         -PEAP

         -Cisco-LEAP

         -MD5

    -Supports machine authentication.

    -Required to apply group policy, run login scripts, and allow logins by non-cached domain users.

    -Access points send RADIUS requests to RADIUS server. -Requires certificate installed on RADIUS server.

     

    Internal 802.1X

    -Supports the following EAP types.

         -TTLS

         -PEAP

         -FAST

    -Does NOT support machine authentication.

    -Can't apply group policy, run login scripts and non-cached domain users will not be able to login.

    -Access points send RADIUS requests to BSC. BSC is the RADIUS server and terminates EAP.

    -BSC can authenticate user against local user database.

    -Proxy inner method (i.e. PAP, CHAP, MSCHAP, MSCHAPv2) to external RADIUS server.

    -*Authenticate user directly against LDAP server if LDAP server has readable attribute containing the MD4 hash of the user's password.

    *Microsoft Active Directory does NOT have a readable attribute containing the MD4 hash of the users password and therefore authenticating directly against MS AD is NOT supported. Use IAS or NPS with MS AD.

    -Leverages certificate already installed on BSC.

    -Allows you to support 802.1X authentication without deploying a RADIUS server(Local User DB/LDAP) or with a RADIUS server that doesn't support EAP.