Local EAP service configuration example, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual


Table 39-1 describes the configuration items for configuring the local EAP service.

Table 39-1 Local EAP service configuration items

Item: EAP-server-status

Description: Enable or disable the EAP server.

If the EAP server is enabled, the EAP authentication method and PKI domain configurations are required.

Item: Method

Description: Specify the EAP authentication methods, including:

- MD5: Uses Message Digest 5 (MD5) for authentication.
- PEAP-MSCHAPV2: Uses Protected Extensible Authentication Protocol (PEAP) for authentication and, specifically, uses the Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2) for authentication in the established TLS tunnel.
- TLS: Uses the Transport Layer Security (TLS) protocol for authentication.

You can select more than one authentication method. An authentication method selected earlier has a higher priority.

When an EAP client and the local server communicate for EAP authentication, they first negotiate the EAP authentication method to be used. During negotiation, the local server prefers the authentication method with the highest priority in the EAP authentication method list. If the client supports that method, the negotiation succeeds and they proceed with the authentication process. Otherwise, the local server tries the method with the next highest priority, and so on until a supported one is found. If none of the authentication methods is supported, the local server sends an EAP-Failure packet to notify the client of the authentication failure.

Item: PKI domain

Description: Specify the PKI domain for EAP authentication.

The available PKI domains are those configured on the page you enter by selecting Authentication > PKI. For details, refer to PKI.

The service management, local portal authentication, and local EAP service modules always reference the same PKI domain. Changing the referenced PKI domain in any of the three modules also changes the PKI domain referenced in the other two modules.
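
The method negotiation described in Table 39-1, modelled as an added example (not H3C code and not part of the manual). The function names and the STRENGTH ranking are assumptions of this example; it shows that a client supporting every method ends up on whichever method is listed first, so the selection order decides the method actually used.

```python
# Added illustration: models the method negotiation described in Table 39-1.
# Not H3C code; function names and the strength ranking are assumptions.

# Assumed relative strength (higher is stronger): EAP-TLS gives certificate-based
# mutual authentication, PEAP-MSCHAPV2 protects a password exchange inside TLS,
# and EAP-MD5 has neither a tunnel nor server authentication.
STRENGTH = {"MD5": 1, "PEAP-MSCHAPV2": 2, "TLS": 3}


def negotiate(server_methods, client_supported):
    """Walk the server's list in priority order, as the table describes.

    Returns (selected_method, offers_made). selected_method is None when no
    listed method is supported, which is where the server sends EAP-Failure.
    """
    offers = []
    for method in server_methods:          # earlier entry = higher priority
        offers.append(method)
        if method in client_supported:     # client supports the offered method
            return method, offers
    return None, offers


def audit_order(server_methods):
    """Return (weaker, stronger) pairs where the weaker method has priority."""
    findings = []
    for i, first in enumerate(server_methods):
        for later in server_methods[i + 1:]:
            if STRENGTH[first] < STRENGTH[later]:
                findings.append((first, later))
    return findings


if __name__ == "__main__":
    # Constructed sample: a supplicant that supports every method.
    client = {"MD5", "PEAP-MSCHAPV2", "TLS"}
    for order in (["MD5", "PEAP-MSCHAPV2", "TLS"], ["TLS", "PEAP-MSCHAPV2"]):
        selected, offers = negotiate(order, client)
        print(order, "->", selected, "offers:", offers,
              "findings:", audit_order(order))
    # A client limited to MD5 against a TLS-only list ends in EAP-Failure.
    print(negotiate(["TLS"], {"MD5"}))
```
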

Local EAP Service Configuration Example

Network requirements

As shown in Figure 39-2, configure the AC to perform local EAP authentication and authorization for 802.1X users. The authentication method is EAP-TLS.

Figure 39-2 Network diagram for configuring local EAP service
