EAP is an authentication framework
frequently used in wireless networks and Point-to-Point connections.
Although EAP is not limited to wireless LANs and can be used for
wired LAN authentication, it is most often used in wireless LANs.
The WPA and WPA2 standard has adopted five EAP types as its official
EAP is an authentication framework, not a specific authentication
mechanism. It provides some common functions and negotiation of
authentication methods, called EAP methods. There are currently
about 40 different methods defined. Methods defined in IETF RFCs
include EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, and
EAP-AKA, and in addition a number of vendor specific methods and new
proposals exist. Commonly used modern methods capable of operating
in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP
When EAP is invoked by an 802.1X enabled Network Access Server (NAS)
device such as an 802.11 Wireless Access Point, modern EAP methods
can provide a secure authentication mechanism and negotiate a secure
Pair-wise Master Key (PMK) between the client and NAS. The PMK can
then be used for the wireless encryption session which uses TKIP or
CCMP (based on AES) encryption.
EAP is not a wire protocol; instead it only defines message formats.
Each protocol that uses EAP defines a way to encapsulate EAP
messages within that protocol's messages. In the case of 802.1X,
this encapsulation is called EAPOL, "EAP over LANs".
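
The encapsulation described above can be seen by parsing an EAPOL frame body and the EAP message inside it. This is an added example, not part of the original text: the function names and sample frames are constructed for illustration, the header layouts follow IEEE 802.1X and RFC 3748, and the type numbers are those assigned in the IANA EAP registry.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP type numbers (IANA EAP registry) for methods named in the text.
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "EAP-MD5",
             5: "EAP-OTP", 6: "EAP-GTC", 13: "EAP-TLS", 17: "LEAP",
             18: "EAP-SIM", 23: "EAP-AKA", 25: "PEAP", 49: "EAP-IKEv2"}
# RFC 3748 lists no key derivation for these, so they cannot supply a PMK.
NO_KEY_DERIVATION = {4, 5, 6}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP message: Code, Identifier, Length, then Type for 1/2."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not fit the received data")
    info = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (1, 2):  # only Request/Response carry a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        info["type"] = EAP_TYPES.get(pkt[4], f"unknown({pkt[4]})")
        info["no_key_derivation"] = pkt[4] in NO_KEY_DERIVATION
        info["data"] = pkt[5:length]  # ignore anything past Length
    return info

def parse_eapol(frame: bytes) -> dict:
    """Parse an EAPOL body (the bytes after the Ethernet header)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]  # trailing Ethernet padding is dropped
    if len(body) < body_len:
        raise ValueError("EAPOL body shorter than its length field")
    out = {"eapol_version": version, "eapol_type": ptype}
    if ptype == 0:  # 0 = EAP-Packet; 1 = Start, 2 = Logoff, 3 = Key
        out["eap"] = parse_eap(body)
    return out

# Constructed sample frames (not captured traffic).
SAMPLE_IDENTITY = bytes.fromhex("0100000a" "0201000a01") + b"alice"
SAMPLE_MD5 = (struct.pack("!BBH", 1, 0, 22)
              + struct.pack("!BBHB", 1, 2, 22, 4) + bytes([16]) + bytes(16))
SAMPLE_START = bytes.fromhex("01010000")
```
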