Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple authentication methods, passwords, RADIUS, and so on. Lightweight Extensible Authentication Protocol (LEAP) is the Cisco authentication protocol. LEAP is based on EAP, an extension to PPP.
This authentication type provides the highest level of security for your wireless network. By using EAP to interact with an EAP-compatible RADIUS server, the Access Point (AP) helps a wireless client device and the RADIUS server perform mutual authentication and derive a dynamic unicast Wired Equivalent Privacy (WEP) key. The RADIUS server sends the WEP key to the AP, which uses it for all unicast data signals that it sends to or receives from the client. The AP also encrypts its broadcast WEP key (entered in the access AP's WEP key slot 1) with the client's unicast key and sends it to the client.
There is more than one type of EAP authentication, but the AP behaves the same way for each type. It relays authentication messages from the wireless client device to the RADIUS server, and from the RADIUS server to the wireless client device. For instructions on setting up EAP on the AP, refer to the Assigning Authentication Types to an SSID section of Configuring Authentication Types.
Open authentication allows any device to authenticate and then attempt to communicate with the AP. Where the SSID is set for authentication, type open with EAP authentication. The AP forces all client devices to perform EAP authentication before they are allowed to join the network.
Note: An AP configured for EAP authentication forces all client devices that associate to perform EAP authentication. Client devices that do not use EAP cannot use the AP.
Where the authentication type for the SSID is set to Network-EAP, using EAP to interact with an EAP-compatible RADIUS server, the AP helps a wireless client device and the RADIUS server perform mutual authentication. It also derives a dynamic unicast WEP key. However, the AP does not force all client devices to perform EAP authentication.