Local eap service configuration example, Network requirements, Configuration guidelines – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 599
578
Item Description
Method
Specify the EAP authentication methods:
•
MD5—Uses Message Digest 5 (MD5) for authentication.
•
TLS—Uses the Transport Layer Security (TLS) protocol for authentication.
•
PEAP-MSCHAPV2—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Challenge Handshake Authentication Protocol
version 2 (MSCHAPv2) for authentication in the established TLS tunnel.
•
PEAP-GTC—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Generic Token Card (GTC) for authentication
in the established TLS tunnel.
•
TTLS—Uses the Tunneled Transport Layer Security (TTLS) protocol for authentication.
When an EAP client and the local server communicate for EAP authentication, they first
negotiate the EAP authentication method to be used. During negotiation, the local
server prefers the authentication method with the highest priority from the EAP
authentication method list. If the client supports the authentication method, the
negotiation succeeds and they proceed with the authentication process. Otherwise, the
local server tries the one with the next highest priority until a supported one is found, or
if none of the authentication methods are found supported, the local server sends an
EAP-Failure packet to the client for notification of the authentication failure.
IMPORTANT:
•
You can select more than one authentication method. An authentication method
selected earlier has a higher priority.
•
PEAP-MSCHAPv2 and PEAP-GTC methods are mutually exclusive.
PKI domain
Specify the PKI domain for EAP authentication.
The available PKI domains are those configured on the page you enter by selecting
Authentication > Certificate Management. For more information, see "
IMPORTANT:
The service management, local portal authentication, and local EAP service modules
always reference the same PKI domain. Changing the referenced PKI domain in any of the
three modules will also change that referenced in the other two modules.
Local EAP service configuration example
Network requirements
As shown in
, configure the AC to perform local EAP authentication and authorization for
802.1X users by using the authentication method EAP-TLS.
Figure 605 Network diagram
Configuration guidelines
To implement local EAP authentication and authorization for 802.1X users, make sure port security is
enabled and 802.1X authentication uses the EAP authentication mode.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module