Last updateTue, 02 Jan 2018 3am

PPP, EAP, 802.1x…what’s the difference?

BlackBox: The PPP, EAP, and 802.1x protocols are often confused with each other, which is no wonder because they’re all interrelated and involve authentication.

Point-to-Point Protocol (PPP) was originally a protocol for connecting and authenticating dialup modems. Today’s PPP is usually encapsulated in Ethernet frames and operates over Ethernet as PPP over Ethernet (PPPoE). PPPoE is commonly used for cable modem or DSL connections to an ISP for Internet access. PPP includes two authentication mechanisms: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Extensible Authentication Protocol (EAP) is an authentication protocol framework that works inside PPP to provide support for authentication protocols beyond the original PAP and CHAP protocols. EAP supports a wide range of authentication mechanisms including Kerberos, passwords, certificates, and public key authentication, as well as hardware schemes such as authentication dongles, smart cards, and USB tokens.

802.11x simply takes the EAP framework out of PPP and puts it into Ethernet, packetizing it for transmission over a wired or wireless network. 802.11x has three parts:

• Supplicant: A user who wants to join the network.
• Authenticator: An access point, switch, or other device which acts as a proxy between the user and the authentication server.
• Authentication Server: A server, usually a RADIUS server, which decides whether to accept the user’s request for network access.

When a user tries to access a network through a wireless access point or by plugging into an Ethernet port, the authenticator—usually an access point or switch—consults with the authentication server before allowing the user onto the network.