1.3 Extensible Authentication Protocol (EAP)

The Extensible Authentication Protocol (EAP) is a point-to-point (P2P) wireless and LAN authentication framework providing a variety of authentication mechanisms. EAP provides a request/response framework over which a specific authentication algorithm (the EAP method) is implemented. The most commonly used EAP methods in wireless networks are EAP-TLS, EAP-PEAPv0, EAP-PEAPv1 and EAP-TTLS. The following figure summarizes the EAP packet format. The fields read from left to right.

Figure 1-3. EAP Packet Format
Code – This has 8 bits. It identifies the type of the EAP packet and can have the following EAP code numbers:
  • 1 – Request
  • 2 – Response
  • 3 – Success
  • 4 – Failure

Identifier – This has 8 bits and is used to match Responses with Requests.

Length – This field is 16 bits and indicates the length, in octets, of the EAP packet including the Code, Identifier, Length and Data fields.

Data – The format of this field is determined by the Code field.

If the code is set to Request/Response, the Data field consists of a byte which indicates the EAP Type, followed by zero or more bytes of Type Data.

The EAP Types recognized by the ATWINC Enterprise implementation are:
  • 1 – Identity
  • 3 – Nak
  • 13 – TLS
  • 21 – TTLS
  • 25 – PEAP
  • 26 – MSCHAPv2
  • 33 – Extensions (used within PEAPv0 only)

For the official registry of all EAP Types, refer to www.iana.org/assignments/eap-numbers/eap-numbers.xhtml.

Note: For more details about the EAP protocol, refer to tools.ietf.org/html/rfc3748.
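
The packet layout and Length rule described in this section, as an added example (not code from the ATWINC driver): a bounds-checked parser that rejects packets whose Length field disagrees with the received buffer. The names `eap_packet`, `eap_parse` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* EAP Code values listed in this section. */
enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4 };

typedef struct {
    uint8_t code, identifier;
    uint16_t length;          /* Length field: whole packet, in octets */
    uint8_t type;             /* EAP Type; 0 when the packet carries none */
    const uint8_t *type_data; /* points into the caller's buffer, or NULL */
    size_t type_data_len;
} eap_packet;

/* Constructed sample: Response, Identifier 7, Length 9, Type 1 (Identity), "user". */
static const uint8_t sample_identity_response[] = { 2, 7, 0, 9, 1, 'u', 's', 'e', 'r' };

/* Returns 0 on success, -1 if the buffer is not a well-formed EAP packet. */
int eap_parse(const uint8_t *buf, size_t buf_len, eap_packet *out)
{
    if (buf == NULL || out == NULL || buf_len < 4)
        return -1;                        /* fixed header is 4 octets */
    out->code = buf[0];
    out->identifier = buf[1];
    out->length = (uint16_t)((buf[2] << 8) | buf[3]);   /* network byte order */
    out->type = 0;
    out->type_data = NULL;
    out->type_data_len = 0;
    if (out->code < EAP_REQUEST || out->code > EAP_FAILURE)
        return -1;
    /* Length covers Code, Identifier, Length and Data, so it is never below 4,
       and it must not claim more octets than were actually received. */
    if (out->length < 4 || out->length > buf_len)
        return -1;
    if (out->code == EAP_REQUEST || out->code == EAP_RESPONSE) {
        if (out->length < 5)
            return -1;                    /* Request/Response needs a Type octet */
        out->type = buf[4];
        out->type_data = buf + 5;
        out->type_data_len = (size_t)out->length - 5;
    }
    return 0;
}

int main(void)
{
    eap_packet p;
    return eap_parse(sample_identity_response, sizeof sample_identity_response, &p);
}
```

Trusting the Length field without comparing it to the number of octets received is the usual source of out-of-bounds reads in EAP handling, which is why both bounds are checked before the Type octet is touched.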