ZyXEL Communications G-570S User Manual

ZyXEL G-570S User’s Guide

Appendix C Wireless LANs

143

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the 
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By 
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a 
wireless station and a RADIUS server perform authentication. 

The type of authentication you use depends on the RADIUS server or the AP. 

The following figure shows an overview of authentication when you specify a RADIUS server 
on your access point.

Figure 107   EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication 
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix. 

1 The wireless station sends a “start” message to the device. 

2 The device sends a “request identity” message to the wireless station for identity 

information.

3 The wireless station replies with identity information, including username and password. 

4 The RADIUS server checks the user information against its user profile database and 

determines whether or not to authenticate the wireless station.

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-
TTLS, PEAP and LEAP. 

The type of authentication you use depends on the RADIUS server or the AP. Consult your 
network administrator for more information.

MD5 authentication is the simplest one-way authentication method. The authentication server 
sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the 
password by encrypting the password with the challenge and sends back the information. 
Password is not sent in plain text.