1. The client device in an 802.1X exchange — the one that must provide credentials before the port opens for normal network traffic
2. The switch or wireless access point in an 802.1X exchange — it relays credentials to the authentication server and enforces the server's access decision, but never validates credentials itself
3. The back-end RADIUS-based server in an 802.1X exchange — the only component that verifies whether credentials are valid and returns Access-Accept or Access-Reject
4. The EAP method that uses only a server-side certificate to create a TLS outer tunnel, then carries MSCHAPv2 username/password authentication inside the tunnel — most widely deployed enterprise Wi-Fi authentication method