Extensible Authentication Protocol (EAP) extends Point-to-Point Protocol (PPP) by allowing arbitrary authentication methods that use credential and information exchanges of arbitrary lengths. EAP was developed in response to an increasing demand for authentication methods that use security devices, such as smart cards, token cards, and crypto calculators. EAP provides an industry-standard architecture for supporting additional authentication methods within PPP.
By using EAP, you can support additional authentication schemes, known as EAP types. These schemes include token cards, one-time passwords, public key authentication using smart cards, and certificates. EAP, in conjunction with strong EAP types, is a critical technology component for secure virtual private network (VPN) connections. Strong EAP types, such as those based on certificates, offer better security against brute-force or dictionary attacks and password guessing than password-based authentication protocols, such as CHAP or MS-CHAP.
To find out if an EAP type is being used in your organization, contact your network administrator.
To configure a connection for EAP, see "To configure identity authentication and data encryption settings."
The
EAP-TLS is a mutual authentication method, which means that both the client and the server prove their identities to each other. During the authentication process, the remote access client sends its user certificate and the remote access server sends its computer certificate. If either certificate is not sent or is invalid, the connection is terminated.
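To check which EAP types are actually negotiated on a link, the packet header can be decoded directly. The following is an added example, not part of the original page: it parses the EAP header layout and type numbers defined in RFC 3748 and the IANA EAP registry, and flags methods outside an allow-list. The `ALLOWED_METHODS` policy, the function names, and the sample packets are assumptions constructed for illustration.

```python
import struct

# EAP codes and a subset of method type numbers (RFC 3748 / IANA EAP registry).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         5: "One-Time Password", 6: "Generic Token Card", 13: "EAP-TLS",
         21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
# Assumption for this example: policy allows only certificate-based EAP-TLS.
ALLOWED_METHODS = {13}
NON_AUTH_TYPES = {1, 2, 3}  # Identity, Notification, Nak are not auth methods

def parse_eap(packet: bytes) -> dict:
    """Parse Code(1) Identifier(1) Length(2, big-endian) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with captured bytes")
    body = packet[4:length]  # bytes past Length are padding and are ignored
    out = {"code": CODES[code], "id": ident, "type": None,
           "offered": [], "policy_ok": None}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if not body:
            raise ValueError("Request/Response without a Type byte")
        t = body[0]
        out["type"] = TYPES.get(t, f"unknown({t})")
        if t == 3:  # Nak data lists the methods the peer would accept instead
            out["offered"] = [TYPES.get(x, f"unknown({x})") for x in body[1:]]
        out["policy_ok"] = t in ALLOWED_METHODS or t in NON_AUTH_TYPES
    return out

def audit(packets) -> list:
    """Return the names of authentication methods that violate the allow-list."""
    return [info["type"] for info in map(parse_eap, packets)
            if info["policy_ok"] is False]

# Constructed sample packets (not taken from a real capture).
SAMPLES = [
    bytes.fromhex("0201000a01616c696365"),  # Response/Identity "alice"
    bytes.fromhex("010200060d20"),          # Request/EAP-TLS, Start flag set
    bytes.fromhex("0103000a0404deadbeef"),  # Request/MD5-Challenge
    bytes.fromhex("02030006030d"),          # Response/Nak, peer asks for EAP-TLS
    bytes.fromhex("03040004"),              # Success (no Type byte)
]

if __name__ == "__main__":
    print("Disallowed methods seen:", audit(SAMPLES))
```

A Nak that asks for EAP-TLS after a password-based Request, as in the fourth sample, shows a peer refusing the weaker method.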