No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Methods Used to Process Authentication Packets

(Optional) Configuring Methods Used to Process Authentication Packets

Context

In 802.1X authentication, EAP authentication packets can be processed in EAP termination or EAP relay mode. The PAP or CHAP protocol can also be used in EAP termination mode. CHAP is more secure than PAP.

If the authentication server has a higher processing capability and can parse a large number of EAP packets before authentication, the EAP relay mode is recommended. If the authentication server has a lower processing capability and cannot parse a large number of EAP packets before authentication, the EAP termination mode is recommended and the device parses EAP packets for the authentication server.

When the authentication packet processing method is configured, ensure that the client and server both support this method; otherwise, the users cannot pass authentication.

NOTE:
  • The authentication mode can be set to EAP relay for 802.1X authentication users only when the RADIUS authentication is used.

  • If the 802.1X client uses the MD5 encryption mode, the user authentication mode on the device can be set to EAP or CHAP; if the 802.1X client uses the PEAP authentication mode, the authentication mode on the device can be set to EAP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. You can configure the authentication mode for 802.1X user in the system view or interface view.

    • In the system view:

      Run the dot1x authentication-method { chap | eap | pap } command to set the authentication mode for 802.1X users.

    • In the interface view:

      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the dot1x authentication-method { chap | eap | pap } command to set the authentication mode for 802.1X users.

    By default, the global 802.1X user authentication mode is CHAP authentication and the 802.1X user authentication mode on interfaces is the same as the mode globally configured.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 54042

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next