Usage guidelines
The network access device terminates or relays EAP packets:
• In EAP termination mode—The access device re-encapsulates and sends the authentication data
from the client in standard RADIUS packets to the RADIUS server, and performs either CHAP or PAP
authentication with the RADIUS server. In this mode the RADIUS server supports only
MD5-Challenge EAP authentication, and "username+password" EAP authentication initiated by an
iNode client.
{ PAP transports usernames and passwords in plain text. The authentication method applies to
scenarios that do not require high security. To use PAP, the client can be an HP iNode 802.1X
client.
{ CHAP transports username in plaintext and encrypted password over the network. It is more
secure than PAP.
• In EAP relay mode—The access device relays EAP messages between the client and the RADIUS
server. The EAP relay mode supports multiple EAP authentication methods, such as MD5-Challenge,
EAP-TL, and PEAP. To use this mode, you must make sure the RADIUS server supports the
EAP-Message and Message-Authenticator attributes, and uses the same EAP authentication method
as the client. If this mode is used, the user-name-format command configured in RADIUS scheme
view does not take effect. For more information about the user-name-format command, see
"RADIUS commands."
Examples
# Enable the access device to terminate EAP packets and perform PAP authentication with the RADIUS
server.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Related commands
display dot1x
dot1x handshake
Use dot1x handshake to enable the online user handshake function.
Use undo dot1x handshake to disable the function.
Syntax
dot1x handshake
undo dot1x handshake
Default
The online user handshake function is enabled.
Views
Ethernet Interface view
97
To Next Page
Loading...
Need help?
General
