3com 4500 PWR 26-PORT Manual De Usuario

238

HAPTER

11: U

SING

AAA

AND

RADIUS C

OMMANDS

enabled globally, if the parameters are not configured globally or for a specified
port, they will maintain the default values.

After the global 802.1x performance is enabled, only when port 802.1x
performance is enabled will the configuration of 802.1x become effective on the
port.

Related commands:

display dot1x

Example

To enable 802.1x on Ethernet 1/0/1, enter the following.

<4500>system-view

System View: return to User View with Ctrl-Z

[4500]dot1x interface ethernet 1/0/1

To enable 802.1x globally, enter the following.

[4500]dot1x

dot1x

authentication-method

Syntax

dot1x authentication-method { chap | pap | eap

}

undo dot1x authentication-method

View

System View

Parameter

Chap:

Use CHAP authentication method.

Pap:

Use PAP authentication method.

eap:

Use EAP authentication method.

Description

Use the

dot1x authentication-method

command to configure the

authentication method for the 802.1x user. Use the

undo dot1x

authentication-method

command to restore the default authentication method

of the 802.1x user.

By default, CHAP authentication is used for 802.1x user authentication.

Password Authentication Protocol (PAP) is a kind of authentication protocol with
two handshakes. It sends the password in the form of simple text.

Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits the username, not the password.
CHAP is more secure and reliable.

In EAP authentication, a Switch authenticates supplicant systems by encapsulating
802.1x authentication information in EAP packets and sending the packets to the
RADIUS server, instead of converting the packets into RADIUS packets before