
Access Control Concepts
Network Access Control Technologies
MS-CHAPv2
The most common version of CHAP used in contemporary networks is MS-CHAPv2.
EAP
EAP establishes a standardized framework for authentication protocols. The first EAP request and response packets initiate the authentication process. Subsequent packets are EAP method packets, which essentially encapsulate other authentication protocols. (When selecting an EAP type, you must ensure that both the RADIUS server and the 802.1X supplicant that runs on the endpoint support that EAP type. For more information about supplicants, see “Authentication Requirements” on page
You will probably use EAP in an Ethernet network; this particular brand of EAP is more precisely called EAP over LAN (EAPOL). However, this design guide follows common usage and refers simply to EAP.
Because EAP can encapsulate any authentication protocol as an EAP method, it provides flexibility. New methods can be developed to meet new needs; all methods fit within the standard framework, so you can choose the ones that meet your security requirements.
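The framing described above can be seen by parsing the packets themselves. The following is an added example, not part of the original guide: it reads the EAPOL header and the EAP packet inside it using the field layout from IEEE 802.1X and RFC 3748. The method table is a small subset of the IANA registry listed under common names, and the sample frames are constructed.

```python
import struct

# EAP codes and a few IANA-registered method type numbers (RFC 3748 and the
# IANA EAP registry). The table is a subset chosen for this example and uses
# the names the methods are commonly known by.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
EAPOL_EAP_PACKET = 0  # EAPOL packet type that carries an EAP packet


def parse_eap(data: bytes) -> dict:
    """Parse one EAP packet: Code, Identifier, Length, then Type if present."""
    if len(data) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError("EAP length field does not match the data")
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    pkt = {"code": EAP_CODES[code], "id": ident, "method": None, "payload": b""}
    if code in (1, 2):  # only Request and Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        pkt["method"] = EAP_TYPES.get(data[4], f"type-{data[4]}")
        pkt["payload"] = data[5:length]  # bytes past Length are padding
    return pkt


def parse_eapol(frame: bytes) -> dict:
    """Parse the EAPOL header (version, type, body length) and its EAP body."""
    if len(frame) < 4:
        raise ValueError("EAPOL header is 4 bytes")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:  # e.g. EAPOL-Start or EAPOL-Logoff
        return {"version": version, "eapol_type": ptype, "eap": None}
    if body_len > len(frame) - 4:
        raise ValueError("EAPOL body length exceeds the frame")
    return {"version": version, "eapol_type": ptype,
            "eap": parse_eap(frame[4:4 + body_len])}


# Constructed sample frames (not captured traffic).
IDENTITY_RESPONSE = bytes.fromhex("01000009" "0201000901") + b"user"
PEAP_REQUEST = bytes.fromhex("01000006" "010200061920")
EAPOL_START = bytes.fromhex("01010000")
```

The method name recovered from the Type byte is what you compare against the EAP types that both the RADIUS server and the supplicant are configured to support.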
EAP methods range from relatively insecure to very secure and from simple to complex to deploy. You should familiarize yourself with the most common EAP methods, all of which are
Although EAP can encapsulate any authentication protocol, only the protocols that pass Internet Assigned Numbers Authority (IANA) screening are designated as registered EAP methods and assigned a standard EAP number. As of early 2007, IANA recognized more than 40 EAP registered authentication protocols. Many of these are