Wednesday, September 15, 2010

PEAPv0 Packet Flow Reference

I have created a handy reference for understanding the packet flow of a PEAPv0 / EAP-MSCHAPv2 authentication exchange.

Included are packet flows for three different authentication scenarios:

  1. Full initial authentication exchange
  2. Full initial authentication exchange including Active Directory services
  3. TLS session resumption (also called fast reconnect)

Here is a preview:

You can download the full version here. I hope you enjoy it and find it useful!



  1. Very clear Andrew. Awesome!

    If you could also put up a debug client and debug aaa events enable from Cisco WLC. And map the process to it, that will be great!

    Thanks in advance.

  2. Thanks Vishal! But I don't have time to scour and map this to Cisco's debug output. You'll have to do that on your own if you want it.


  3. Thank you Andrew this is very helpful.