Table of Contents
Advertisement
Command Manual - Security
Quidway S3500 Series Ethernet Switches
For S3526, S3526 FM and S3526 FS:
dot1x authentication-method { chap | pap | eap md5-challenge }
undo dot1x authentication-method
View
System view
Parameter
chap: Use CHAP authentication method.
pap: Use PAP authentication method.
eap: Use EAP authentication method.
Description
Using dot1x authentication-method command, you can configure the authentication
method for 802.1x user. Using undo dot1x authentication-method command, you
can restore the default authentication method of 802.1x user.
By default, CHAP authentication is used for 802.1x user authentication.
Password Authentication Protocol (PAP) is a kind of authentication protocol with two
handshakes. It sends password in the form of simple text.
Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits username but not password. CHAP is
more secure and reliable.
In the process of EAP authentication, switch directly sends authentication information
of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to
transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS
server.
Note:
For EAP authentication, the S3552G, S3552P, S3528G, S3528P, S3526E, S3526E
FM, S3526E FS and S3526C switches support the PEAP, EAP-TLS, and EAP-MD5
authentication. To enable any of the three, you just need to enable the EAP
authentication. However, the S3526, S3526 FM, and S3526 FS switches support
EAP-MD5 authentication only.
Please note: To realize PAP, CHAP or EAP authentication, RADIUS server should
support PAP, CHAP or EAP authentication respectively.
For the related command, see display dot1x.
Huawei Technologies Proprietary
1-4
Chapter 1 802.1x Configuration Commands
- Quick Links:
- Logging in Switch Commands
Hide quick links:
Advertisement
Chapters
Table of Contents
