...

EAP and RADIUS have support for a great variety of features or different methods that can be encapsulated there-in to perform authentication (e.g. it is possible to use different protocols that authenticate the user using a username and password, or using client certificates, or even SIM cards), but it is still up to the supplicant, NAS and authentication server implementations to choose which ones they support or not (even different NASes have been seen to send MAC addresses in different format, e.g. TP-Link Archer C20 sends 01-23-45-67-89-AB, while TP-Link TD-W8968 sends 0123456789ab. TP-Link TL-WR740N, in the case of the NAS MAC address, sends 01-23-45-67-89-AB:SSID, where SSID is the configured wireless SSID). EAP, being a tunneling protocol inside which a suitable protocol for performing authentication needs to be used, gives flexibility in usable authentication protocols without requiring specific support for that protocol by the NAS, as long as it is supported by both the supplicant and authentication server. '@@@'

FreeRADIUS configuration files

...