Filter
Top Products
238 CHAPTER 11: USING AAA AND RADIUS COMMANDS
enabled globally, if the parameters are not configured globally or for a specified
port, they will maintain the default values.
After the global 802.1x performance is enabled, only when port 802.1x
performance is enabled will the configuration of 802.1x become effective on the
port.
Related commands: display dot1x.
Example
To enable 802.1x on Ethernet 1/0/1, enter the following.
<4500>system-view
System View: return to User View with Ctrl-Z
[4500]dot1x interface ethernet 1/0/1
To enable 802.1x globally, enter the following.
[4500]dot1x
dot1x
authentication-method
Syntax
dot1x authentication-method { chap | pap | eap }
undo dot1x authentication-method
View
System View
Parameter
Chap: Use CHAP authentication method.
Pap: Use PAP authentication method.
eap: Use EAP authentication method.
Description
Use the dot1x authentication-method command to configure the
authentication method for the 802.1x user. Use the
undo dot1x
authentication-method
command to restore the default authentication method
of the 802.1x user.
By default, CHAP authentication is used for 802.1x user authentication.
Password Authentication Protocol (PAP) is a kind of authentication protocol with
two handshakes. It sends the password in the form of simple text.
Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits the username, not the password.
CHAP is more secure and reliable.
In EAP authentication, a Switch authenticates supplicant systems by encapsulating
802.1x authentication information in EAP packets and sending the packets to the
RADIUS server, instead of converting the packets into RADIUS packets before