State Machines for Extensible Authentication Protocol (EAP) Peer and Authenticator

This memo provides information for the Internet community.I tdoes not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract This document describes a set of state machines for Extensible Authentication Protocol (EAP) peer,EAP stand-alone authenticator (non-pass-through), EAP backend authenticator (for use on Authentication, Authorization, and Accounting (AAA) servers), and EAP full authenticator (for both local and pass-through). This set of state machines shows howEAP can be implemented to support deployment in either a peer/authenticator or peer/authenticator/AAA Server environment. The peer and stand-alone authenticator machines are illustrative ofhow the EAP protocol defined in RFC 3748 may be implemented. The backend and full/pass-through authenticators illustrate howEAP/AAA protocol support defined in RFC 3579 may be implemented. Where there are differences, RFC 3748 and RFC 3579 are authoritative. The state machines are based on the EAP "Switch" model. This model includes events and actions for the interaction between the EAP Switch and EAP methods. Abrief description of the EAP "Switch" model is giveninthe Introduction section. The state machine and associated model are informative only.I mplementations may achieve the same results using different methods.