View
Parameter
Description
Related command:
Example
dot1x guest-vlan
Syntax
undo dot1x authentication-method
System view
chap: Authenticates supplicants using CHAP.
eap: Authenticates supplicants using EAP.
pap: Authenticates supplicants using PAP.
Use the
dot1x authentication-method
authentication method.
Use the
undo dot1x authentication-method
By default, CHAP is used.
The password authentication protocol (PAP) transports passwords in clear text.
■
The challenge handshake authentication protocol (CHAP) transports only
■
usernames over the network. Compared with PAP, CHAP provides better
security.
With EAP relay authentication, the authenticator encapsulates 802.1x user
■
information in the EAP attributes of RADIUS packets and sends the packets to
the RADIUS server for authentication; it does not need to repackage the EAP
packets into standard RADIUS packets for authentication. In this case, you can
configure the user-name-format command but it does not take effect.
Currently, the device supports these EAP modes: EAP-TLS, EAP-TTLS, EAP-MD5,
and PEAP.
Note that:
Local authentication supports only PAP and CHAP.
■
For RADIUS authentication, the RADIUS server must be configured accordingly
■
to support PAP, CHAP, or EAP authentication.
display dot1x.
# Set the 802.1x authentication method to PAP.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
In system view:
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan [ interface interface-list ]
In interface view:
command to set the 802.1x
command to restore the default.
1901