для Cisco Cisco IOS Software Release 12.2(1)T

When EAP is running in proxy mode, there may be a significant increase in the authentication time 
because every packet from the peer must be sent to the RADIUS server and every EAP packet from the 
RADIUS server must be sent back to the client. Although this extra processing will cause delays, you 
can increase the default authentication timeout value by using the ppp timeout authentication 
command.

Before enabling EAP RADIUS on the client, you must perform the following tasks:

Configure an interface type and enter interface configuration mode by using the interface command.

Configure the interface for PPP encapsulation by using the encapsulation command.

For more information on completing these tasks, refer to the chapter “Configuring Media-Independent 
PPP and Multilink PPP” in the 

See the following sections for configuration tasks for the RADIUS EAP Support feature. Each task in 
the list is identified as either required or optional.

 (optional)

To configure EAP on an interface configured for PPP encapsulation, use the following commands in 
interface configuration mode:

Router(config-if)# ppp authentication eap

Enables EAP as the authentication protocol.

Router(config-if)# ppp eap identity string

(Optional) Specifies the EAP identity when requested by the 
peer.

Router(config-if)# ppp eap password [number] string

(Optional) Sets the EAP password for peer authentication.

This command should only be configured on the client.

Router(config-if)# ppp eap local

(Optional) Authenticates locally instead of using a RADIUS 
back-end server, which is the default.

This command should only be configured on the NAS.