IEEE 802.1X specifies how EAP should be encapsulated in LAN frames. In wireless communications using EAP, a user requests connection to a WLAN (Wireless Local Area Network) through an access point, which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS (Remote Authentication Dial In User Service). The server asks the access point for proof of identity, which the access point gets from the user and then sends back to the server to complete the authentication.
EAP-TLS provides for certificate-based and mutual authentication of the client and the network. It relies on client-side and server-side certificates to perform authentication and can be used to dynamically generate user-based and session-based WEP (Wired Equivalent Privacy) keys.
EAP-TTLS (Tunneled Transport Layer Security) is an extension of EAP-TLS to provide certificate-based, mutual authentication of the client and network through an encrypted tunnel, as well as to generate dynamic, per-user, per-session WEP keys. Unlike EAP-TLS, EAP-TTLS requires only server-side certificates. (See also PEAP (Protected Extensible Authentication Protocol).)