RFC 3579 (rfc3579) - Page 2 of 46
RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)
RFC 3579 RADIUS & EAP September 2003
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Specification of Requirements. . . . . . . . . . . . . . 3
1.2. Terminology. . . . . . . . . . . . . . . . . . . . . . . 3
2. RADIUS Support for EAP . . . . . . . . . . . . . . . . . . . . 4
2.1. Protocol Overview. . . . . . . . . . . . . . . . . . . . 5
2.2. Invalid Packets. . . . . . . . . . . . . . . . . . . . . 9
2.3. Retransmission . . . . . . . . . . . . . . . . . . . . . 10
2.4. Fragmentation. . . . . . . . . . . . . . . . . . . . . . 10
2.5. Alternative uses . . . . . . . . . . . . . . . . . . . . 11
2.6. Usage Guidelines . . . . . . . . . . . . . . . . . . . . 11
3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1. EAP-Message. . . . . . . . . . . . . . . . . . . . . . . 15
3.2. Message-Authenticator. . . . . . . . . . . . . . . . . . 16
3.3. Table of Attributes. . . . . . . . . . . . . . . . . . . 18
4. Security Considerations. . . . . . . . . . . . . . . . . . . . 19
4.1. Security Requirements. . . . . . . . . . . . . . . . . . 19
4.2. Security Protocol. . . . . . . . . . . . . . . . . . . . 20
4.3. Security Issues. . . . . . . . . . . . . . . . . . . . . 22
5. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 30
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
6.1. Normative References . . . . . . . . . . . . . . . . . . 30
6.2. Informative References . . . . . . . . . . . . . . . . . 32
Appendix A - Examples. . . . . . . . . . . . . . . . . . . . . . . 34
Appendix B - Change Log. . . . . . . . . . . . . . . . . . . . . . 43
Intellectual Property Statement. . . . . . . . . . . . . . . . . . 44
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 45
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction

The Remote Authentication Dial In User Service (RADIUS) is an
authentication, authorization and accounting protocol used to control
network access. RADIUS authentication and authorization is specified
in [RFC 2865], and RADIUS accounting is specified in [RFC 2866]; RADIUS
over IPv6 is specified in [RFC 3162].

The Extensible Authentication Protocol (EAP), defined in [RFC 2284],
is an authentication framework which supports multiple authentication
mechanisms. EAP may be used on dedicated links, switched circuits,
and wired as well as wireless links.

To date, EAP has been implemented with hosts and routers that connect
via switched circuits or dial-up lines using PPP [RFC 1661]. It has
also been implemented with bridges supporting [IEEE802]. EAP
encapsulation on IEEE 802 wired media is described in [IEEE8021X].

Aboba & Calhoun Informational