Command Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Commands
1-6
1.1.3 dot1x authentication-method
Syntax
dot1x authentication-method { chap | eap | pap }
undo dot1x authentication-method
View
System view
Parameters
chap: Authenticates supplicants using CHAP.
eap: Authenticates supplicants using EAP.
pap: Authenticates supplicants using PAP.
Description
Use the dot1x authentication-method command to set the 802.1x authentication
method.
Use the undo dot1x authentication-method command to restore the default.
By default, CHAP is used.
z The password authentication protocol (PAP) transports passwords in plain text.
z The challenge handshake authentication protocol (CHAP) transports only
usernames over the network. Compared with PAP, CHAP provides better security.
z With EAP relay authentication, the authenticator encapsulates 802.1x user
information in the EAP attributes of RADIUS packets and sends the packets to the
RADIUS server for authentication; it does not need to repackage the EAP packets
into standard RADIUS packets for authentication. In this case, you can configure
the user-name-format command but it does not take effect. Currently, the device
supports these EAP modes: EAP-TLS, EAP-TTLS, EAP-MD5, and PEAP. For
information about the user-name-format command, refer to AAA RADIUS
HWTACACS Commands.
Note that:
z Local authentication supports only PAP and CHAP.
z For RADIUS authentication, the RADIUS server must be configured accordingly to
support PAP, CHAP, or EAP authentication.
Related commands: display dot1x.
Examples
# Set the 802.1x authentication method to PAP.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
To Next Page
Loading...
Need help?
General
