Thursday, October 29, 2009

EAP Packet Types, EAP Supplicants


EAP request -sent by the authenticator to supplicant
     The type field is used to indicate what is requested
     The sequence number is used to allow authenticator
     peer to match the response to the request.
EAP response - sent by supplicant to the authenticator

     The sequence number is used to match EAP request,
     except if the response is a negative acknowledgement (NAK)
EAP success - sent from authenticator to supplicant
     Sent when successful authentication has occurred.
EAP failure - sent from authenticator to supplicant
     Sent when unsuccessful authentication has occurred.

EAP Supplicants
  • PEAP MSCHAPv2 - uses TLS tunnel to protect an encapsulated MSCHAPv2 exchange between WLAN clients and the authentication server.
  • PEAP GTC - uses a TLS tunnel to protect a generic token card exchange (one time password or LDAP authentication)
  • EAP FAST - uses a tunnel similar to PEAP, but does not require the use of a PKI infrastructure.
  • EAP TLS - uses PKI to authenticate the WLAN network to the WLAN client, requiring a client certificate and an authentication server certificate

No comments:

Post a Comment