Extensible Authentication Protocol

EAP is a framework that supports multiple methods of authentication. In essence,
EAP manages the authentication exchange, while the variant of EAP in use dictates
how clients are authenticated. Some authentication methods include:
• Token cards
• Kerberos
• Public key authentication
• Certificates
• Smart cards
• One-time passwords (OTP)
Several variations on EAP are possible. Depending on your organization’s needs,
EAP allows different types of authentication.
As Figure 4-1 shows, EAP authentication is a multistep process:
1. The client associates with the AP.
2. The AP blocks the client from accessing the network.
3. The client provides login information.
4. A Remote Authentication Dial-In User Service (RADIUS) server and client
authenticate each other.
5. The RADIUS server and client agree on a WEP key.
6. Authentication is completed.

This is the basic framework of how EAP works. However, individual authentication
methods can make the process slightly different.
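
The following added example (not part of the original text) shows where the EAP variant appears in the exchange and why the AP keeps the client blocked until the exchange ends in Success. It assumes the EAP packet layout and type numbers from RFC 3748, which this page does not describe; the function names and the sample exchange are constructed for illustration, and the AP is modeled in simplified form.

```python
import struct

# EAP header (RFC 3748): Code, Identifier, Length (big-endian), then Type for Request/Response.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         5: "One-Time Password", 6: "Generic Token Card", 13: "EAP-TLS"}

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet; raise ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with packet size")
    body = packet[4:length]            # bytes past Length are padding and are ignored
    if code in (1, 2):                 # Request/Response must carry a Type byte
        if not body:
            raise ValueError("Request/Response without Type")
        name = TYPES.get(body[0], f"type-{body[0]}")
        return {"code": CODES[code], "id": ident, "type": name, "data": body[1:]}
    return {"code": CODES[code], "id": ident, "type": None, "data": b""}

def summarize(exchange: list) -> dict:
    """Walk an exchange as a simplified AP would: access opens only on EAP Success."""
    method, port_open = None, False    # the client starts out blocked (step 2)
    for raw in exchange:
        pkt = parse_eap(raw)
        if pkt["code"] == "Request" and pkt["type"] not in ("Identity", "Notification"):
            method = pkt["type"]       # the method the server asks the client to run
        elif pkt["code"] == "Success":
            port_open = True
        elif pkt["code"] == "Failure":
            port_open = False
    return {"method": method, "port_open": port_open}

def eap(code, ident, eap_type=None, data=b""):
    """Build a packet for the constructed samples below (hypothetical helper)."""
    body = (bytes([eap_type]) + data) if eap_type is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample exchange (not captured traffic): identity, one OTP round, Success.
SAMPLE = [eap(1, 1, 1), eap(2, 1, 1, b"alice"),
          eap(1, 2, 5, b"challenge"), eap(2, 2, 5, b"123456"), eap(3, 2)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```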