In good old days, people dial up to the ISP with a modem supported by the Point-to-Point Protocol, PPP. The client connected through PPP is authenticated, if required, by PAP or CHAP. The Extensible Authentication Protocol (EAP) is an authentication framework to extend PPP authentication.

EAP defines simple messages and their formats only; request and response are the core messages communicated between the peer (client) and the authenticator (server). EAP specifies how the authenticator requests identity and credential (MD5, OTP, or Token) and notifies the authentication outcome (success or failure). It also determines how the peer responds to the authenticator’s requests. However, EAP does not define how the authenticator verifies and validates the client’s identity, that can be completed by RADIUS, LDAP, or other protocols.

Remote access (e.g., dial-up, VPN), LAN, or wireless networks can authenticate clients through the EAP authentication framework.