What is the difference between EAP and LEAP?
EAP is the Extensible Authentication Protocol, originally designed for dial-up PPP sessions. EAP was created to replace older PAP and CHAP authentication methods with a flexible framework that could support many different methods, including passwords, one-time passwords, SecurID tokens and digital certificates. Conceptually, EAP provides an "envelope" for the sender and receiver to carry out authentication. Exactly what gets carried inside the EAP "envelope" depends upon the authentication method.
The IEEE 802.1X standard used EAP to create a framework for LAN station authentication. Wireless stations and access points exchange EAP to carry out authentication, negotiate security parameters, and deliver session keys. EAP messages are relayed to a back-end Authentication Server, like a RADIUS Server. That Server determines the required authentication method, directs the station to present credentials that proves its identity and then accepts or rejects the station's request to access the LAN.
The credentials to be presented by the station depend upon the authentication method, or "EAP type." Lightweight EAP (LEAP), also known as Cisco EAP, is one of several EAP types that can be used with wireless LANs. LEAP authenticates the station by username/password. It is a proprietary type, commonly used with Cisco-based WLANs. For more information about LEAP and other EAP types like EAP-TLS (standard) and PEAP (emerging standard), visit Cisco's Web site.