Information Security all in one place!

IEEE 802.1X/EAP authentication in wireless networks


There are many ways to implement IEEE 802.1X/EAP authentication in wireless networks. Choosing one requires understanding the differences between them and matching the choice to the security context of the enterprise.

Although certificates are used extensively in many wireless networks with 802.1X/EAP, not all types of EAP use them. Here I will cover two that do and happen to be my favorites.

Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and Protected Extensible Authentication Protocol (PEAP) both require the use of certificates. To use EAP-TLS, a certificate (a public key and a private key) must be installed on both the authentication server and the client. A key pair for the authentication server and a key pair for the client need to be generated first and signed using a public key infrastructure (PKI), then installed on the required server and/or client. On the client side, the keys can be issued for the computer (the term “machine certificate” is usually used) and/or for the user.

PEAP can be seen as a compromise between EAP-TLS, which relies entirely on a certificate-based infrastructure, and EAP-FAST, which does not require any certificate exchange between the client and the authentication server. With PEAP, a certificate is required, but only on the server side.
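
The following is an added example, not part of the original post: it checks client configuration blocks against the certificate requirements described above. It assumes wpa_supplicant.conf syntax and field names, which the post does not mention; the sample configuration, SSIDs, identities and paths are constructed.

```python
import re

# Client-side fields per EAP method; keys are wpa_supplicant.conf names (assumed supplicant).
REQUIRED = {
    "TLS": {"ca_cert", "client_cert", "private_key"},  # certificates on both sides
    "PEAP": {"ca_cert"},  # server-side certificate only; client needs the CA to verify it
}

# Constructed sample configuration: SSIDs, identities and paths are made up.
SAMPLE = '''
network={
    ssid="corp-tls"
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/laptop01.pem"
    private_key="/etc/certs/laptop01.key"
}
network={
    ssid="corp-peap"
    eap=PEAP
    identity="alice"
    password="constructed-sample"
    phase2="auth=MSCHAPV2"
}
'''

def parse_networks(text):
    """Return one {field: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(fields):
    """List the certificate fields a block lacks for its EAP method."""
    method = fields.get("eap", "").upper()
    if method not in REQUIRED:
        return [f"eap={method or '(unset)'} is not covered by this check"]
    return [f"{method}: missing {k}" for k in sorted(REQUIRED[method] - set(fields))]

def audit_config(text):
    """Map each SSID to its findings; an empty list means nothing is missing."""
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}

if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE).items():
        print(ssid, findings or "OK")
```

The PEAP block is flagged because, in wpa_supplicant, a network without `ca_cert` does not verify the server certificate, which is the only certificate PEAP relies on.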

