Local eap service configuration example, Network requirements, Configuration guidelines – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 599

Advertising
background image

578

Item Description

Method

Specify the EAP authentication methods:

MD5—Uses Message Digest 5 (MD5) for authentication.

TLS—Uses the Transport Layer Security (TLS) protocol for authentication.

PEAP-MSCHAPV2—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Challenge Handshake Authentication Protocol

version 2 (MSCHAPv2) for authentication in the established TLS tunnel.

PEAP-GTC—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Generic Token Card (GTC) for authentication

in the established TLS tunnel.

TTLS—Uses the Tunneled Transport Layer Security (TTLS) protocol for authentication.

When an EAP client and the local server communicate for EAP authentication, they first
negotiate the EAP authentication method to be used. During negotiation, the local

server prefers the authentication method with the highest priority from the EAP

authentication method list. If the client supports the authentication method, the

negotiation succeeds and they proceed with the authentication process. Otherwise, the
local server tries the one with the next highest priority until a supported one is found, or

if none of the authentication methods are found supported, the local server sends an

EAP-Failure packet to the client for notification of the authentication failure.

IMPORTANT:

You can select more than one authentication method. An authentication method

selected earlier has a higher priority.

PEAP-MSCHAPv2 and PEAP-GTC methods are mutually exclusive.

PKI domain

Specify the PKI domain for EAP authentication.
The available PKI domains are those configured on the page you enter by selecting
Authentication > Certificate Management. For more information, see "

Managing

certificates

."

IMPORTANT:

The service management, local portal authentication, and local EAP service modules

always reference the same PKI domain. Changing the referenced PKI domain in any of the

three modules will also change that referenced in the other two modules.

Local EAP service configuration example

Network requirements

As shown in

Figure 326

, configure the AC to perform local EAP authentication and authorization for

802.1X users by using the authentication method EAP-TLS.

Figure 605 Network diagram

Configuration guidelines

To implement local EAP authentication and authorization for 802.1X users, make sure port security is

enabled and 802.1X authentication uses the EAP authentication mode.

Advertising
This manual is related to the following products:

H3C WX5500E Series Access Controllers, H3C WX3500E Series Access Controllers, H3C WX2500E Series Access Controllers, H3C WX6000 Series Access Controllers, H3C WX5000 Series Access Controllers, H3C LSUM3WCMD0 Access Controller Module, H3C LSUM1WCME0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module

Popular Brands
Popular manuals