для Cisco Cisco IOS Software Release 12.2(1)T
RADIUS EAP Support
Prerequisites
3
Cisco IOS Release: Multiple releases (see the Feature History table)
Restrictions
When EAP is running in proxy mode, there may be a significant increase in the authentication time
because every packet from the peer must be sent to the RADIUS server and every EAP packet from the
RADIUS server must be sent back to the client. Although this extra processing will cause delays, you
can increase the default authentication timeout value by using the ppp timeout authentication
command.
because every packet from the peer must be sent to the RADIUS server and every EAP packet from the
RADIUS server must be sent back to the client. Although this extra processing will cause delays, you
can increase the default authentication timeout value by using the ppp timeout authentication
command.
Prerequisites
Before enabling EAP RADIUS on the client, you must perform the following tasks:
•
Configure an interface type and enter interface configuration mode by using the interface command.
•
Configure the interface for PPP encapsulation by using the encapsulation command.
For more information on completing these tasks, refer to the chapter “Configuring Media-Independent
PPP and Multilink PPP” in the
PPP and Multilink PPP” in the
Configuration Tasks
See the following sections for configuration tasks for the RADIUS EAP Support feature. Each task in
the list is identified as either required or optional.
the list is identified as either required or optional.
•
•
(optional)
Configuring EAP
To configure EAP on an interface configured for PPP encapsulation, use the following commands in
interface configuration mode:
interface configuration mode:
Command
Purpose
Router(config-if)# ppp authentication eap
Enables EAP as the authentication protocol.
Router(config-if)# ppp eap identity string
(Optional) Specifies the EAP identity when requested by the
peer.
peer.
Router(config-if)# ppp eap password [number] string
(Optional) Sets the EAP password for peer authentication.
Note
This command should only be configured on the client.
Router(config-if)# ppp eap local
(Optional) Authenticates locally instead of using a RADIUS
back-end server, which is the default.
back-end server, which is the default.
Note
This command should only be configured on the NAS.