RFC 3579 (rfc3579) - Page 2 of 46


RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)






RFC 3579                      RADIUS & EAP                September 2003


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Specification of Requirements. . . . . . . . . . . . . .  3
       1.2.  Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
   2.  RADIUS Support for EAP . . . . . . . . . . . . . . . . . . . .  4
       2.1.  Protocol Overview. . . . . . . . . . . . . . . . . . . .  5
       2.2.  Invalid Packets. . . . . . . . . . . . . . . . . . . . .  9
       2.3.  Retransmission . . . . . . . . . . . . . . . . . . . . . 10
       2.4.  Fragmentation. . . . . . . . . . . . . . . . . . . . . . 10
       2.5.  Alternative uses . . . . . . . . . . . . . . . . . . . . 11
       2.6.  Usage Guidelines . . . . . . . . . . . . . . . . . . . . 11
   3.  Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 14
       3.1.  EAP-Message. . . . . . . . . . . . . . . . . . . . . . . 15
       3.2.  Message-Authenticator. . . . . . . . . . . . . . . . . . 16
       3.3.  Table of Attributes. . . . . . . . . . . . . . . . . . . 18
   4.  Security Considerations. . . . . . . . . . . . . . . . . . . . 19
       4.1.  Security Requirements. . . . . . . . . . . . . . . . . . 19
       4.2.  Security Protocol. . . . . . . . . . . . . . . . . . . . 20
       4.3.  Security Issues. . . . . . . . . . . . . . . . . . . . . 22
   5.  IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 30
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 30
       6.2.  Informative References . . . . . . . . . . . . . . . . . 32
   Appendix A - Examples. . . . . . . . . . . . . . . . . . . . . . . 34
   Appendix B - Change Log. . . . . . . . . . . . . . . . . . . . . . 43
   Intellectual Property Statement. . . . . . . . . . . . . . . . . . 44
   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 44
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 45
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 46

1.  Introduction

   The Remote Authentication Dial In User Service (RADIUS) is an
   authentication, authorization and accounting protocol used to control
   network access.  RADIUS authentication and authorization is specified
   in [RFC 2865], and RADIUS accounting is specified in [RFC 2866]; RADIUS
   over IPv6 is specified in [RFC 3162].

   The Extensible Authentication Protocol (EAP), defined in [RFC 2284],
   is an authentication framework which supports multiple authentication
   mechanisms.  EAP may be used on dedicated links, switched circuits,
   and wired as well as wireless links.

   To date, EAP has been implemented with hosts and routers that connect
   via switched circuits or dial-up lines using PPP [RFC 1661].  It has
   also been implemented with bridges supporting [IEEE802].  EAP
   encapsulation on IEEE 802 wired media is described in [IEEE8021X].



Aboba & Calhoun              Informational