# EAP 101 EAP (Extensible Authentication Protocol) is a general protocol for authentication that supports multiple authentication methods. EAP doesn't specify the type of authentication to use, but rather the authentication steps EAP consists of 4 packets: * **EAP Request**: Authenticator sends the request packe to the supplicant. * **EAP Response**: The suplicant sends the response packet to the authenticator and uses a sequence number to identify each request. * One response could be NAK which means the authentication method is not supported * **EAP Success**: The authenticator sends the success packet to the supplicant after a succesful authentication * **EAP Failure**: The authenticator sends the success packet to the supplicant after a failed authentication ## EAP Types The most common forms of EAP are: | EAP Types | EAP-TLS | PEAP | EAP-FAST | EAP-TTLS | LEAP | | --------------------------- | --------- | ---------------- | -------- | -------------- | ------ | | Mutual Authentication | YES | YES | YES | YES | YES | | Client certificate required | YES | NO | NO | NO | NO | | Server certificate required | YES | YES | Optional | YES | NO | | Wi-Fi Security | Very High | High | High | High | Medium | | Provider | Microsoft | Microsoft, Cisco | Cisco | Funk (Juniper) | Cisco | | Rogue AP Detection | No | No | Yes | No | No | ### EAP-TLS It is very secure but requires client certificates so a PKI infrastructure should be in place. ### PEAP It requires only server side certificate and it is supported by Cisco and Microsoft. There are 2 implementations: **PEAP-GTC** (generic implementation) and **PEAP-MS-CHAPv2** (works with Microsoft AD) ### EAP-FAST It aims to provide as much security as EAP-TLS but without the need to manage certificates on client or server side.