1901
undo dot1x authentication-method
View System view
Parameter chap: Authenticates supplicants using CHAP.
eap: Authenticates supplicants using EAP.
pap: Authenticates supplicants using PAP.
Description Use the
dot1x authentication-method command to set the 802.1x
authentication method.
Use the
undo dot1x authentication-method command to restore the default.
By default, CHAP is used.
■ The password authentication protocol (PAP) transports passwords in clear text.
■ The challenge handshake authentication protocol (CHAP) transports only
usernames over the network. Compared with PAP, CHAP provides better
security.
■ With EAP relay authentication, the authenticator encapsulates 802.1x user
information in the EAP attributes of RADIUS packets and sends the packets to
the RADIUS server for authentication; it does not need to repackage the EAP
packets into standard RADIUS packets for authentication. In this case, you can
configure the user-name-format command but it does not take effect.
Currently, the device supports these EAP modes: EAP-TLS, EAP-TTLS, EAP-MD5,
and PEAP.
Note that:
■ Local authentication supports only PAP and CHAP.
■ For RADIUS authentication, the RADIUS server must be configured accordingly
to support PAP, CHAP, or EAP authentication.
Related command: display dot1x.
Example # Set the 802.1x authentication method to PAP.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
dot1x guest-vlan
Syntax In system view:
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan [ interface interface-list ]
In interface view:
