EAP-TEAP Overview

Introduction

EAP-TEAP (Tunnel Extensible Authentication Protocol) is a modern EAP method that supports:

  • Machine + user authentication in single handshake

  • Certificate and/or password authentication

  • Chaining of multiple authentication methods

  • Ideal for BYOD and mixed environments

Why EAP-TEAP?

Feature EAP-TEAP PEAP-MSCHAPv2

Machine auth

Yes

Separate session

User auth

Yes

Yes

Certificate support

Inner + Outer

Outer only

Password fallback

Yes

Required

Chaining

Native

No

Authentication Modes

Certificate Only (Method 1)

Like EAP-TLS but inside TEAP tunnel:

Client -> TLS Tunnel -> Certificate Auth -> Success

Certificate + Password (Method 2)

Machine cert + user password:

Client -> TLS Tunnel -> Machine Cert -> User Password -> Success

Password Only (Method 3)

Fallback for devices without certificates:

Client -> TLS Tunnel -> User Password -> Success

Topics

Related