The plethora of Internet of Things (IoT) devices and their diversified requirements have opted to design security mechanisms that cover all major security requirements. Wireless Local Area Networks (WLANs) is the most common network domains where IoT devices are launched, particularly because of its easy availability. Security, in other words authentication however, remains to be a major constriction for IoT-WLAN deployments. Though there are IoT based authentication protocols prevailing, such protocols are either prone to threats such as perfect forward secrecy violations, insider with database access attack, traceability attack, stolen device attack, ephemeral secret leakage, or they consume excessive computational and communication resources that result in an unprecedented burden for the IoT system. This article presents an Extensible Authentication Protocol (EAP) based mechanism for IoT devices deployed in a WLAN that addresses the above security issues and achieves cost-effectiveness. Validation follows an informal and formal approaches (using GNY and BAN logic, and Scyther verification tool) for the proposed protocol, demonstrating its robustness. Our performance analysis shows that the proposed protocol is lightweight and more secure in contrast to the state-of-the-art solutions. In addition, performance of the proposed protocol subjected to unknown attacks is investigated, which deduces that the proposed protocol has less overhead under unknown attacks than its competitors. A prototype of the protocol has been developed to demonstrate its feasibility and accuracy.