Dot1X Authentication-Method - H3C S7500E Series Command Manual
Hide thumbs
Also See for S7500E Series:
- Operation manual (1344 pages) ,
- Command reference manual (368 pages) ,
- Installation manual (182 pages)
Table of Contents
Advertisement
Command Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches
1.1.3 dot1x authentication-method
Syntax
dot1x authentication-method { chap | eap | pap }
undo dot1x authentication-method
View
System view
Parameters
chap: Authenticates supplicants using CHAP.
eap: Authenticates supplicants using EAP.
pap: Authenticates supplicants using PAP.
Description
Use the dot1x authentication-method command to set the 802.1x authentication
method.
Use the undo dot1x authentication-method command to restore the default.
By default, CHAP is used.
The password authentication protocol (PAP) transports passwords in plain text.
The challenge handshake authentication protocol (CHAP) transports only
usernames over the network. Compared with PAP, CHAP provides better security.
With EAP relay authentication, the authenticator encapsulates 802.1x user
information in the EAP attributes of RADIUS packets and sends the packets to the
RADIUS server for authentication; it does not need to repackage the EAP packets
into standard RADIUS packets for authentication. In this case, you can configure
the user-name-format command but it does not take effect. Currently, the device
supports these EAP modes: EAP-TLS, EAP-TTLS, EAP-MD5, and PEAP. For
information about the user-name-format command, refer to AAA RADIUS
HWTACACS Commands.
Note that:
Local authentication supports only PAP and CHAP.
For RADIUS authentication, the RADIUS server must be configured accordingly to
support PAP, CHAP, or EAP authentication.
Related commands: display dot1x.
Examples
# Set the 802.1x authentication method to PAP.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Chapter 1 802.1x Configuration Commands
1-6
Advertisement
Chapters
Table of Contents
