3Com 5500-SI Configuration Manual page 396

5500 series

396 CHAPTER 21: 802.1X CONFIGURATION
The EAP-TLS mode authenticates supplicant systems by having authentication servers
and supplicant systems verify each other's licenses (digital certificates). In this mode,
supplicant systems are authenticated by their licenses only, which they apply for from
authentication servers. User name and password are not needed. Before authentication
begins, a supplicant system and the authentication server use the TLS mechanism to
negotiate how the session is encrypted, and then verify each other's licenses in the
way just negotiated.
EAP-TTLS is an extension of EAP-TLS. It extends the two-way authentication of
supplicant system and authentication server implemented in EAP-TLS and uses
secure channels created by TLS to transport information.
In EAP-TTLS, the authentication procedure includes two steps:
1 The supplicant system authenticates the server by verifying the license of the server,
and creates an encrypted TLS channel in EAP-TTLS mode.
2 The supplicant system is authenticated through the created TLS channel, using the
method negotiated by the supplicant system and the authentication server. The
supplicant system transmits its authentication information transparently through the
TLS channel to the TTLS server, which in turn extracts the authentication information
and delivers it to the AAA server to accomplish the authentication.
Because the four authentication modes (PEAP, EAP-TLS, EAP-TTLS, and EAP-MD5)
are all EAP authentication modes for a switch, you can perform the operations listed in
Table 419 to specify any one of the four authentication modes. The actual
authentication mode adopted depends on the authentication mode configured on
the supplicant system.
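An added example (not from the 3Com manual): because the switch is only set to EAP and the supplicant decides the mode, the Type field of the EAP packets exchanged shows which of the four modes was actually used. The Python code below reads that field from a constructed conversation, assuming the EAP packets are available as raw bytes; the type numbers are those of the IANA EAP registry, and the function names and sample packets are assumptions made for illustration.

```python
import struct

# EAP Type numbers (IANA EAP registry) for the four modes named above
EAP_METHODS = {4: "EAP-MD5", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK = 1, 3

def parse_eap(pkt: bytes):
    """Return (code, identifier, type, type_data); type is None for Success/Failure."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length field")
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        return code, ident, pkt[4], pkt[5:length]
    return code, ident, None, b""

def negotiated_method(packets):
    """Follow one EAP conversation and return (method name, outcome)."""
    method, outcome = None, "incomplete"
    for pkt in packets:
        code, _, typ, _ = parse_eap(pkt)
        if code == EAP_RESPONSE and typ == TYPE_NAK:
            method = None              # supplicant refused the server's offer
        elif code == EAP_RESPONSE and typ in EAP_METHODS:
            method = EAP_METHODS[typ]  # supplicant answered in this method
        elif code in (EAP_SUCCESS, EAP_FAILURE):
            outcome = "success" if code == EAP_SUCCESS else "failure"
    return method, outcome

def eap(code, ident, typ=None, data=b""):
    # Helper that builds one EAP packet for the constructed sample below
    body = b"" if typ is None else bytes([typ]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed conversation (TLS payloads omitted): the server offers EAP-MD5,
# the supplicant is configured for PEAP and answers with a Nak asking for type 25.
SAMPLE = [
    eap(EAP_REQUEST, 1, TYPE_IDENTITY),
    eap(EAP_RESPONSE, 1, TYPE_IDENTITY, b"alice"),
    eap(EAP_REQUEST, 2, 4, b"\x10" + bytes(16)),   # MD5-Challenge offer
    eap(EAP_RESPONSE, 2, TYPE_NAK, bytes([25])),   # Nak, desired type PEAP
    eap(EAP_REQUEST, 3, 25, b"\x20"),              # PEAP Start
    eap(EAP_RESPONSE, 3, 25, b"\x00"),             # supplicant answers in PEAP
    eap(EAP_SUCCESS, 4),
]
print(negotiated_method(SAMPLE))
```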
Configuring 802.1x EAP Authentication
Table 419 Configure 802.1x EAP authentication
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Configure to authenticate supplicant systems by using EAP | dot1x authentication-method eap | Required. By default, supplicant systems are authenticated by using CHAP (challenge handshake authentication protocol). |
| Enter Ethernet port view (supplicant system side) | interface interface-type interface-number | |
| Configure the port to operate in MAC address-based authentication mode | dot1x port-method macbased | Optional. By default, an Ethernet port operates in MAC address-based authentication mode. When using EAP to authenticate supplicant systems, make sure the related ports operate in MAC address-based authentication mode. |

802.1x PEAP Configuration Example
Network requirements
A supplicant system is connected to the Ethernet1/0/1 port of a switch.
Control access to the Internet by authenticating supplicant systems on each
port of the switch using PEAP. The ports operate in MAC address-based
authentication mode.

This manual is also suitable for: 5500-EI, 5500G-EI