1

In the PSK authentication method, I see only 4 way handshake packets between supplicant and authenticator. They are called EAPoL in the Wireshark

enter image description here

What I know that when EAP is carried over LAN (protocols) then it is called EAPoL. This is generally message exchange between supplicant and authenticator. But in the enterprise network, there are EAP frames prior to EAPoL.

enter image description here

How, in this case, EAP and EAPoL are different, if EAPoL is the wrapper of EAP frames carried over LAN. Doesn't EAP frames carried over LAN through Authenticator to Authenticator Server? What I know is that there is no direct link between authentication server and supplicant, so authenticator has to come into the scene via uncontrolled ports to allow exchange of these specific frames.

Improve this question
1
  • 1
    Look at the entire frame, not what wireshark decides to show in a summary.
    – Ricky
    Commented Apr 11 at 5:11

1 Answer 1

Reset to default
0

EAP frames are basically carried over the Authenticator (NAS) and transparently passed onto then AAA server, but EAPoL are the messages exchange between supplicant and then authenticator.

Image is taken from https://www.ciscopress.com/articles/article.asp?p=3145772&seqNum=2

Why EAPoL? In my opinion, the network (based on distance) between supplicant and authenticator is Local network. Hence LAN, hence EAP over LAN.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.