
At the moment, I am going through the updated 802.1X training from Cisco, and there it is, a term that comes up now and then: EAPoW, for EAP over Wireless.
Is there something like EAPoW? Let’s dig a little bit deeper.
➡️ Regardless of Ethernet or WLAN, 802.1X authentication frames always use EtherType 0x888e, on both wired and wireless.
➡️ In the 802.11 standard, there is no term EAPoW.
➡️ In the 802.1X standard, there is no term EAPoW.
➡️ RFC 4017 „Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs“ doesn’t mention EAPoW (or EAPoL).
(I didn’t expect that, but I looked it up for completeness.)
❗️ But the 802.1X standard has some clear definitions:
Already in 802.1X-2001, they include Wireless LANs as in-scope: “… and associations between stations and access points in IEEE 802.11 Wireless LANs.”
And: „IEEE Std 802.1X-2001 enables authenticated access to IEEE 802 media, including Ethernet, Token Ring, and IEEE 802.11 wireless LANs.“
802.1X-2010 defines a LAN in the following way:
IEEE 802 Local Area Network (LAN): IEEE 802 LANs (also referred to in the text simply as LANs) are LAN technologies that provide a MAC Service equivalent to that defined in ISO/IEC 15802-1. IEEE 802 LANs include IEEE Std 802.3 (CSMA/CD), IEEE Std 802.11 (Wireless), and IEEE Std 802.17 (Resilient Packet Ring).
And it also states in section 11.1: „The complete format of an EAPOL frame ‘on the wire’ or ‘through the air’ depends not only … “
802.1X-2020 removes some outdated definitions but keeps WLAN:
IEEE 802 Local Area Network (LAN): An instance of a LAN technology that provides a MAC Service equivalent to that defined in IEEE Std 802.1AC. IEEE 802 LANs include IEEE Std 802.3 (CSMA/CD) and IEEE Std 802.11 (Wireless).
This shows that there was no extra definition for the „over Wireless“ transport.
And when talking about EAPoL in Cisco ISE courses, I typically explain that a LAN is not the same as Ethernet, but that we have to read it as „a transport over our used Data Link Layer“.
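To make the "same EAPOL over a different Data Link Layer" point concrete, here is an added example (not from the training or the standards) that extracts the EAPOL PDU from an Ethernet II frame and from an unencrypted 802.11 data frame with LLC/SNAP encapsulation. The MAC addresses and frame bytes are constructed sample data, and the function names are my own.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
LLC_SNAP = bytes.fromhex("aaaa03000000")  # LLC SNAP header with zero OUI (RFC 1042)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def from_ethernet(frame: bytes):
    """Ethernet II: dst(6) src(6) EtherType(2), then the payload."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return ethertype, frame[14:]

def from_dot11(frame: bytes):
    """Unencrypted 802.11 data frame without radiotap/FCS; HT Control not handled."""
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not an 802.11 data frame")
    if flags & 0x40:
        raise ValueError("Protected bit set, payload is encrypted")
    hdr = 24                      # frame control, duration, 3 addresses, sequence control
    if flags & 0x03 == 0x03:
        hdr += 6                  # ToDS+FromDS: fourth address present
    if (fc0 >> 4) & 0x8:
        hdr += 2                  # QoS data subtype: QoS Control field present
    if frame[hdr:hdr + 6] != LLC_SNAP:
        raise ValueError("no LLC/SNAP encapsulation")
    (ethertype,) = struct.unpack_from("!H", frame, hdr + 6)
    return ethertype, frame[hdr + 8:]

def parse_eapol(ethertype: int, payload: bytes):
    """Parse the EAPOL PDU: version(1) type(1) body length(2) body."""
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"EtherType {ethertype:#06x} is not EAPOL")
    version, ptype, length = struct.unpack_from("!BBH", payload)
    if len(payload) < 4 + length:
        raise ValueError("truncated EAPOL body")
    # The length field, not the frame size, bounds the body (wired frames are padded).
    return {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
            "body": payload[4:4 + length]}

# Constructed sample: EAPOL v2 carrying an EAP-Request/Identity (code 1, id 1, len 5, type 1).
EAPOL_PDU = bytes.fromhex("02000005" "0101000501")
# Constructed wired frame: PAE group address, made-up source MAC, padded to 60 bytes.
WIRED = (bytes.fromhex("0180c2000003" "020000000001" "888e") + EAPOL_PDU).ljust(60, b"\0")
# Constructed wireless frame: Data/FromDS header with made-up MACs, then LLC/SNAP.
WIRELESS = (bytes.fromhex("0802" "0000" "020000000002" "0200000000aa" "0200000000aa" "0000")
            + LLC_SNAP + bytes.fromhex("888e") + EAPOL_PDU)

if __name__ == "__main__":
    for name, parts in (("wired", from_ethernet(WIRED)), ("wireless", from_dot11(WIRELESS))):
        print(name, parse_eapol(*parts))
```

Both paths yield the same EtherType and the same parsed EAPOL PDU; only the Layer 2 header in front of it differs.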
But there is even more:
There are documents from around 25 years ago (much earlier than my time in enterprise WLAN) that used the term EAPoW for the wireless implementation of EAPOL and defined an EAPoW-Key for distributing WEP keys to clients. This was long before 802.11i, or WPA/WPA2, was published, and the term didn’t make it into the standard.
Coming back to the mentioned 802.1X training, they also state:
„EAPoW is not an official protocol name and is an informal term that is often used to refer to the use of EAPoL in wireless environments.“
I do not think that using this term makes any sense for understanding this topic because it is EAPoL in both cases. But it’s not as bad as using a small „x“ in 802.1X!
This was also posted on LinkedIn.