Creating an eap method profile, Creating and applying eap method profiles, For the 802.1x supplicant – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

370

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 12

Configuring Authentication Types

Creating and Applying EAP
Method Profiles for the
802.1X Supplicant

This section describes the optional configuration of an EAP method list for the
802.1X supplicant. Configuring EAP method profiles enables the supplicant not
to acknowledge some EAP methods, even though they are available on the
supplicant. For example, if a RADIUS server supports EAP-FAST and LEAP,
under certain configurations, the server can initially employ LEAP instead of a
more secure method. If no preferred EAP method list is defined, the supplicant
supports LEAP, but it can be advantageous to force the supplicant to force a more
secure method such as EAP-FAST.

• Use the

no

command to negate a command or set its defaults.

• Use the show eap registrations method command to view the currently

available (registered) EAP methods.

• Use the show eap sessions command to view existing EAP sessions.

See

Creating a Credentials Profile on page 195

for additional information about

the 802.1X supplicant.

Creating an EAP Method Profile

Beginning in privileged exec mode, follow these steps to define a new EAP
profile:

1. Enter global configuration mode.

configure terminal

2. Enter a name for the profile.

eap profile profile name

3. (Optional)—Enter a description for the EAP profile.

description

4. Enter an allowed EAP method or methods.

method fast

5. Return to the privileged EXEC mode.

end

6. (Optional) Save your entries in the configuration file.

copy running config startup-config

TIP

Although they appear as sub-parameters, EAP-GTC, EAP-MD5, and
EAP-MSCHAPV2 are intended as inner methods for tunneled EAP
authentication and must not be used as the primary authentication
method.