EAP basics
EAP is used to authenticate a user before he or she is allowed access to the network. Because EAP is a framework designed with extensibility in mind, it uses one of many available methods to authenticate a user. This section gives a very basic idea of how EAP works. The gory details of EAP are described in RFC 3748. We will first look at EAP's three core components and then see what a typical EAP conversation over the LAN looks like.
EAP components
The following diagram shows the various components of the EAP framework:
There are three main components involved in the EAP framework.
Authenticator
The authenticator is the gatekeeper. It controls who has access to the network and who is blocked. Here are a few examples of authenticators:
- A managed switch that supports 802.1X on the LAN.
- An access point that incorporates WPA2-Enterprise Wi-Fi security.
- A remote access server that supports PPP EAP. Open source remote access servers available today include OpenVPN, Poptop (PPTP), strongSwan...