↪️
ccie.nyquist.eu
  • Table of Contents
  • Layer 2 Technologies
    • Ethernet Switching
      • L2 Switch Operations
      • Spanning Tree
        • 802.1d – STP
        • 802.1w – RSTP
        • 802.1s – MSTP
      • VTP 101
      • Private VLANs
      • VLANs
      • EtherChannel 101
    • Layer 2 WAN Protocols
      • HDLC
        • HDLC 101
      • PPP
        • PPP 101
        • PPP Authentication - PAP
        • PPP Authentication – CHAP
        • PPP Authentication – EAP
        • PPP Multilink
        • PPPoFR – PPP over Frame Relay
        • PPPoE – PPP over Ethernet
      • Frame Relay
        • Frame Relay 101
        • Frame Relay 102
        • Frame Relay Encapsulations – IETF vs Cisco
        • Multilink Frame Relay
        • Frame Relay Switching
        • Routing over Frame Relay
      • Bridging
        • Bridging on a router
        • MTU 101
    • Wireless
      • Wireless Principles
      • Wireless Implementations
      • Wireless Roaming
      • Wireless Authentication
        • WPA2 PSK
        • WPA2 802.1X
  • IPv4
    • IPv4 Addressing
      • Backup Interfaces
      • FHRP 101
      • DHCP 101
      • DNS 101
      • ARP 101
      • IPv4 101
      • Tunnel Interfaces
        • GRE Tunnels
      • BFD – Bidirectional Forwarding Detection
    • IPv4 Routing
      • How the routing table is built
        • How CEF works
        • Routing Order of Operations
        • NSF – Non Stop Forwarding
      • RIP
        • RIP 101
      • EIGRP
        • EIGRP 101
        • EIGRP Metric
        • More EIGRP Features
      • OSPF
        • OSPF 101
        • OSPF Areas
        • OSPF LSAs
        • OSPF Mechanics
      • IS-IS
        • IS-IS 101
        • IS-IS Mechanics – CLNP
      • BGP
        • BGP 101
        • BGP Attributes
        • More BGP
      • Route Redistribution
      • Policy based Routing
      • PfR 101 – Perfromance Routing
      • ODR
  • IPv6
    • IPv6-101
    • IPv6 Routing
    • Interconnecting IPv6 and IPv4
  • MPLS
    • MPLS 101
    • MPLS L3 VPN
  • Multicast
    • Multicast 101
    • PIM 101
    • IGMP 101
    • Inter Domain Multicast
    • IPv6 Multicast
    • Multicast features on switches
  • Security
    • NAT 101
    • NAT for Overlapping Networks
    • ACLs 101
    • ACLs 102
    • Cisco IOS Firewall
    • Zone Based Firewall
    • AAA 101
    • Controlling CLI Access
    • Control Plane
    • Switch Security
      • Switchport Traffic Control
      • Switchport Port Security
      • DHCP Snooping and DAI
      • 802.1x
      • Switch ACLs
    • IPSec VPN 101
      • IKE / ISAKMP 101
      • IPSEC Crypto Maps 101
      • IPSEC VTI 101
      • DMVPN 101
    • EAP 101
  • Network Services
    • NTP 101
    • HTTP 101
    • File Transfer 101 – TFTP & FTP
    • WCCP 101
  • QoS
    • QoS 101
    • Classification and Marking
    • Congestion Management
      • Legacy Congestion Management
      • SPD – Selective Packet Discard
      • CBWFQ
      • IP RTP Priority
    • Congestion Avoidance – WRED
    • Policing and Shaping
      • CAR 101
    • Compression and LFI
      • Header and Payload Compression
      • LFI for MultiLink PPP
    • Frame Relay QoS
      • Per VC Frame Relay QoS
    • RSVP 101
    • Switching QoS
  • Network Optimization
    • NetFlow 101 – TNF – Traditional NetFlow
    • NetFlow 102 – FNF – Flexible NetFlow
    • IP SLA 101
    • IP Accounting 101
    • Logging 101
    • SNMP and RMON 101
    • Cisco CLI Tips and Tricks
    • AutoInstall
    • Enhanced Object Tracking
    • Troubleshooting 101
    • SPAN, RSPAN, ERSPAN
  • Network Architecture
    • Hierarchical Network Architecture
    • SD Access
    • SD WAN
Powered by GitBook
On this page
  • EAP Types
  • EAP-TLS
  • PEAP
  • EAP-FAST

Was this helpful?

  1. Security

EAP 101

EAP (Extensible Authentication Protocol) is a general protocol for authentication that supports multiple authentication methods. EAP doesn't specify the type of authentication to use, but rather the authentication steps

EAP consists of 4 packets:

  • EAP Request: Authenticator sends the request packe to the supplicant.

  • EAP Response: The suplicant sends the response packet to the authenticator and uses a sequence number to identify each request.

    • One response could be NAK which means the authentication method is not supported

  • EAP Success: The authenticator sends the success packet to the supplicant after a succesful authentication

  • EAP Failure: The authenticator sends the success packet to the supplicant after a failed authentication

EAP Types

The most common forms of EAP are:

EAP Types
EAP-TLS
PEAP
EAP-FAST
EAP-TTLS
LEAP

Mutual Authentication

YES

YES

YES

YES

YES

Client certificate required

YES

NO

NO

NO

NO

Server certificate required

YES

YES

Optional

YES

NO

Wi-Fi Security

Very High

High

High

High

Medium

Provider

Microsoft

Microsoft, Cisco

Cisco

Funk (Juniper)

Cisco

Rogue AP Detection

No

No

Yes

No

No

EAP-TLS

It is very secure but requires client certificates so a PKI infrastructure should be in place.

PEAP

It requires only server side certificate and it is supported by Cisco and Microsoft. There are 2 implementations: PEAP-GTC (generic implementation) and PEAP-MS-CHAPv2 (works with Microsoft AD)

EAP-FAST

It aims to provide as much security as EAP-TLS but without the need to manage certificates on client or server side.

PreviousDMVPN 101NextNTP 101

Last updated 2 years ago

Was this helpful?