...
802.1X defines how EAP messages are transmitted over an IEEE 802 network (e.g. ethernet, wifi).
RADIUS is a protocol to exchange information between an authenticator (also known as NAS (Network Access Server)) (see above picture) and an Authentication server. Each packet has a packet type, and contains multiple ValueName-Value attributes with relevant information as may be the case. A well known RADIUS server software is called FreeRADIUS.
In the above example, a wifi router is providing access to the 192.168.254.0/24 network. When a device (called a supplicant) attempts to connect to the wifi network, the wireless router starts an EAP conversation with the supplicant over 802.1X, requesting it to supply credentials. The router then connects to the authentication server (which, in the example above is also part of the 192.168.254.0/24 network) and sends the EAP response it received from the supplicant over the RADIUS protocol. A well known RADIUS server software is called FreeRADIUS. The authentication server may wish to request the client for more information, it may thus answer the wifi router with a RADIUS packet of type Access-Challenge containing an EAP message to be forwarded to the supplicant. The wifi router facilitates this conversation between authentication server and supplicant until the authentication server sends a packet to the wifi router which is of either type Access-Accept or Access-Reject. In the case of an Access-Accept, the wifi router now allows the supplicant to join the network, or, in the case of Access-Reject, will not. Due to this role played by the wifi router, it is called an authenticator or sometimes NAS (Network Access Server). Once the NAS has granted access, for 802.1X/RADIUS/authentication server, the job is done, and the supplicant becomes part of the 192.168.254.0/24 network's broadcast domain. It can now initiate a DHCP request for an IP address or any other action as may be appropriate. The authentication server is able to log that the user connected
...