10.2. Protocol Overview

The EAP message set and format were explained in Chapter 2. As seen there, the EAP message set consists of only 4 messages, of which only EAP request (from server/NAS towards supplicant) and EAP response (from supplicant to server/NAS) carry data, while the EAP success and EAP failure messages only carry the result of the authentication procedure.

The simplicity of the EAP message set is quite reasonable if we bear in mind that EAP is only meant to carry the messaging for a specific authentication method performed between the peer and the EAP server (typically the AAA server), while at the same time allowing a dumb NAS to act as a pass-through on the path between the peer and the server. The NAS only needs to understand the EAP success and failure messages, and lets EAP requests and responses pass through without understanding their content or meaning. A type field within the request and response messages indicates the type of data as well as the type of authentication mechanism being used. Examples of lower type values used in the request/response packets are shown in Table 10.1, while the use of the type field to indicate specific authentication mechanisms is shown later in this section. The EAP framework specification calls these mechanisms the "EAP methods" and refers to messaging specific to those mechanisms as method-specific messaging.

A typical EAP exchange (sometimes referred to as an EAP conversation) proceeds as follows: ...
