A security administrator is tasked with selecting an authentication framework that can be deployed on both a new WPA3-Enterprise Wi-Fi network and several legacy PPP dial-up links. The solution must allow the company to swap among smart-card logons, one-time passwords, or certificate-based credentials without changing the underlying transport. Which authentication framework satisfies these requirements?
Remote Authentication Dial-In User Service (RADIUS)
Extensible Authentication Protocol (EAP) is an authentication framework, not a single method. Defined in RFC 3748, EAP runs directly over data-link layers such as PPP and IEEE 802 (used by 802.1X). Because it is extensible, the organization can choose among many credential types-smart cards (EAP-TLS), one-time passwords (EAP-OTP), or password-based tunneling (PEAP)-without altering the framework. WPA/WPA2/WPA3-Enterprise all rely on 802.1X and EAP for client authentication, so the same framework works across Wi-Fi and PPP links. RADIUS and Kerberos are authentication servers/protocols rather than link-layer frameworks, while PEAP is only one EAP method, not the overarching framework.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the differences between EAP and PEAP?
Open an interactive chat with Bash
How does EAP work in wireless networks like WPA2?
Open an interactive chat with Bash
What are some common EAP methods and their use cases?