Information on EAP; read more here:
https://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/EAP-The-Basics/ta-p/25380
EAP Summary
Based on this table, we can draw some reasonably clear conclusions:
- TLS, while very secure, requires client certificates to be installed on each wireless workstation. Installing and maintaining a PKI must be part of any TLS installation, and it does create more administrative overhead. If a working PKI already exists, TLS is a very good option.
- TTLS addresses the certificate issue by tunneling TLS, thus eliminating the need for a certificate on the client side. If a working PKI structure does not exist, this is an option worth considering.
- LEAP is one of the earliest EAP implementations; however, inherent security flaws have now made it less popular and it is not recommended.
- EAP-FAST promises to be as easy as LEAP but as secure as PEAP. However, it has different implementation and operational modes that, ultimately, offer a compromise. The highest-security mode ends up looking very similar to PEAP, without the widespread client support that PEAP enjoys.
- PEAP works similarly to EAP-TTLS in that it does not require a certificate on the client side, and it is natively supported by many client operating systems. PEAP is the protocol of choice when client-side certificates are not required. When deploying PEAP, EAP-MSCHAPv2 is likewise the protocol of choice as compared to EAP-GTC. This is primarily because EAP-GTC is not supported by Microsoft’s IAS RADIUS server or the native Windows supplicant.
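
To check which of these methods a network actually negotiates, the following added example (not part of the original notes) parses raw EAP packets as laid out in RFC 3748 and reports the outer method with the caveat from the summary above. The type numbers are taken from the IANA EAP registry, the sample packets are constructed, and an inner method such as EAP-MSCHAPv2 inside a PEAP tunnel is encrypted and will not appear.

```python
import struct

# EAP method type numbers (IANA EAP registry) for the methods in the summary.
EAP_METHODS = {6: "EAP-GTC", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS",
               25: "PEAP", 26: "EAP-MSCHAPv2", 43: "EAP-FAST"}
NOTES = {"LEAP": "not recommended",
         "EAP-TLS": "client certificate required"}
REQUEST, RESPONSE = 1, 2


def parse_eap(packet: bytes):
    """Return (code, identifier, eap_type or None) for one raw EAP packet."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not fit the packet")
    if code in (REQUEST, RESPONSE) and length >= 5:
        return code, ident, packet[4]
    return code, ident, None          # Success/Failure have no Type field


def audit(packets):
    """Map each outer EAP method seen to a note drawn from the summary."""
    seen = {}
    for raw in packets:
        try:
            _, _, eap_type = parse_eap(raw)
        except ValueError:
            continue                  # skip malformed frames
        if eap_type is None or eap_type < 4:
            continue                  # Identity/Notification/Nak: not methods
        name = EAP_METHODS.get(eap_type, f"type-{eap_type}")
        seen[name] = NOTES.get(name, "")
    return seen


# Constructed sample packets (not from a real capture).
SAMPLE = [
    bytes([2, 0, 0, 10, 1]) + b"alice",     # Response/Identity
    bytes([1, 1, 0, 6, 25, 0x20]),          # Request/PEAP
    bytes([2, 2, 0, 8, 17, 1, 0, 0]),       # Response/LEAP
    bytes([1, 3, 0, 6, 13, 0x20]),          # Request/EAP-TLS
    bytes([3, 3, 0, 4]),                    # Success
    bytes([1, 4, 0, 99, 25]),               # length field exceeds packet
]

if __name__ == "__main__":
    for method, note in audit(SAMPLE).items():
        print(f"{method:10} {note}")
```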