8021X Packet Flow (PEAP-MSCHAPv2)
PEAP-MSCHAPv2 is hopefully on the way out since it's slow, broken and cumbersome. Still, it's widely used and I do not see that changing in the near future. Organizations will need to have some form of PKI and other will need to begin retiring aging devices that do not support EAP-TLS (WPA2 or 3). Since its so common and the fact I deal with a lot of troubleshooting issues related to this authentication method, I decided to make a post about it. This is going to focus primarily on the wireless side, between the supplicant and authenticator. If you’d like to learn about the wired side of things I found this blog post during my research. First we’ll introduce the message exchange ladder to understand the shear amount of messages needed to completely authenticate the client. This hints at why this method is slow compared to other methods. http://revolutionwifi.blogspot.com/2010/09/peapv0-packet-flow-reference.html We’ll skip over the initial connection and start with the meth...