How to Implement EAP authentication in Radius protocol

How to Implement EAP Authentication (Extended Authentication Protocol) in Radius Protocol is located in PPP Authentication Protocol, and provides a general framework for different Authentication methods. EAP is used to pass authentication information between the requester and the authentication server. Actual authentication is defined and processed according to the EAP type. Www.2cto.com EAP is not an authentication mechanism, but a general architecture. Used to transmit the actual authentication protocol. The advantage of EAP is that when a new authentication protocol is developed, the basic EAP mechanism does not need to change. Currently, there are more than 20 different EAP protocols. For example, the Protocol framework of EAP can exchange information between the device and the RADIUS server in two ways. One is that the EAP Protocol packets are carried in the RADIUS Protocol using the EAPOR (EAP over RADIUS) Encapsulation Format; the other is that the device ends the EAP Protocol packets using the Password Authentication Protocol, password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocal, Challenge Handshake Authentication Protocol) packets are authenticated with the RADIUS server. In this way, there are two authentication methods in the authentication process: EAP relay and EAP termination. Www.2cto.com the EAP relay method is stipulated by the IEEE 802.1X Standard. It carries EAP (Extended Authentication Protocol) in other high-level protocols, such as EAP over RADIUS, this allows Extended Authentication Protocol packets to pass through complex networks to the authentication server. In general, the RADIUS server is required to support EAP attributes in the EAP relay mode: EAP-Message and Message-Authenticator. The EAP termination method terminates the EAP packets on the device and maps them to the RADIUS packets. Standard RADIUS protocol is used for authentication, authorization, and billing. You can use the PAP or CHAP authentication method between the device and the RADIUS server. In RFC2869, RADIUS adds two attributes to support EAP authentication: EAP-Message (EAP Message) and Message-Authenticator (Message authentication code ). EAP-Message graph EAP-Message attribute encapsulation. This attribute is used to encapsulate EAP data packets. The type code is 79 and the String field can contain a maximum of 253 bytes. If the EAP data packet length is greater than 253 bytes, it can be sliced and encapsulated in multiple EAP-Message attributes in sequence. The EAP-Authenticator attribute in the Message-Authenticator graph of www.2cto.com. This attribute is used to prevent access request packets from being eavesdropped when using authentication methods such as EAP and CHAP. Message-Authenticator must be included in the packets that contain the EAP-Message attribute. Otherwise, the packets are discarded because they are considered invalid. Author Wang Hao