Command Manual - Security
Quidway S6500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Huawei Technologies Proprietary
1-4
Parameter
chap: Use CHAP authentication method.
pap: Use PAP authentication method.
eap: Use EAP authentication method.
Description
Using dot1x authentication-method command, you can configure the authentication
method for 802.1x user. Using undo dot1x authentication-method command, you
can restore the default authentication method of 802.1x user.
By default, CHAP authentication is used for 802.1x user authentication.
Password Authentication Protocol (PAP) is a kind of authentication protocol with two
handshakes. It sends password in the form of simple text.
Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits username but not password. CHAP is
more secure and reliable.
In the process of EAP authentication, switch directly sends authentication information
of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to
transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS
server. By now, for EAP authentication, PEAP, EAP-TLS and EAP-MD5 methods are
available.
If you want to enable PEAP, EAP-TLS or EAP-MD5 authentication method on an
Ethernet switch, you only need to use the command dot1x authentication-method
eap to enable EAP authentication.
Please note: To realize PAP, CHAP or EAP authentication, RADIUS server should
support PAP, CHAP or EAP authentication respectively.
For the related command, see display dot1x.
Example
# Configure 802.1x user to use PAP authentication.
[Quidway] dot1x authentication-method pap
1.1.4 dot1x dhcp-launch
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
View
System view
To Next Page
Loading...
Need help?
General
