Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
12530
Views
0
Helpful
0
Comments

What is Extensible Authentication Protocol?

TCC_2
Level 10
Level 10

‎06-22-2009 05:08 PM - edited ‎11-18-2020 02:37 AM

Resolution

Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple authentication methods, passwords, RADIUS, and so on. Lightweight Extensible Authentication Protocol (LEAP) is the Cisco authentication protocol. LEAP is based on EAP, an extension to PPP.

This authentication type provides the highest level of security for your wireless network. By using EAP to interact with an EAP-compatible RADIUS server, the Access Point (AP) helps a wireless client device and the RADIUS server perform mutual authentication and derive a dynamic unicast Wired Equivalent Privacy (WEP) key. The RADIUS server sends the WEP key to the AP, which uses it for all unicast data signals that it sends to or receives from the client. The AP also encrypts its broadcast WEP key (entered in the access AP's WEP key slot 1) with the client's unicast key and sends it to the client.

There is more than one type of EAP authentication, but the AP behaves the same way for each type. It relays authentication messages from the wireless client device to the RADIUS server, and from the RADIUS server to the wireless client device. For instructions on setting up EAP on the AP, refer to the Assigning Authentication Types to an SSID section of Configuring Authentication Types.

Open authentication allows any device to authenticate and then attempt to communicate with the AP. Where the SSID is set for authentication, type open with EAP authentication. The AP forces all client devices to perform EAP authentication before they are allowed to join the network.

Note: An AP configured for EAP authentication forces all client devices that associate to perform EAP authentication. Client devices that do not use EAP cannot use the AP.

Where the authentication type for the SSID is set to Network-EAP, using EAP to interact with an EAP-compatible RADIUS server, the AP helps a wireless client device and the RADIUS server perform mutual authentication. It also derives a dynamic unicast WEP key. However, the AP does not force all client devices to perform EAP authentication.

For more information on configuring different cipher suits and WEP on the AP, refer to Configuring Cipher Suites and WEP.

For additional information, refer to the EAP Authentication to the Network section of Configuring Authentication Types.

Problem Type

Definitions

Release notes / product  overview / data sheet / FAQ

Security Options

EAP

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents