Local eap service configuration example, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 449

Advertising
background image

433

Item Description

Method

Specify the EAP authentication methods, including:

MD5—Uses Message Digest 5 (MD5) for authentication.

TLS—Uses the Transport Layer Security (TLS) protocol for authentication.

PEAP-MSCHAPV2—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Challenge Handshake Authentication Protocol

version 2 (MSCHAPv2) for authentication in the established TLS tunnel.

PEAP-GTC—Uses the Protected Extensible Authentication Protocol (PEAP) for
authentication and uses the Microsoft Generic Token Card (GTC) for authentication

in the established TLS tunnel.

When an EAP client and the local server communicate for EAP authentication, they first
negotiate the EAP authentication method to be used. During negotiation, the local

server prefers the authentication method with the highest priority from the EAP
authentication method list. If the client supports the authentication method, the

negotiation succeeds and they proceed with the authentication process. Otherwise, the

local server tries the one with the next highest priority until a supported one is found, or
if none of the authentication methods are found supported, the local server sends an

EAP-Failure packet to the client for notification of the authentication failure.

TIP:

You can select more than one authentication method. An authentication method

selected earlier has a higher priority.

PEAP-MSCHAPV2 and PEAP-GTC are mutually exclusive.

PKI domain

Specify the PKI domain for EAP authentication.
The available PKI domains are those configured on the page you enter by selecting
Authentication > Certificate Management. For more information, see "

Managing

certificates

."

NOTE:

The service management, local portal authentication, and local EAP service modules

always reference the same PKI domain. Changing the referenced PKI domain in any of the

three modules will also change that referenced in the other two modules.

Local EAP service configuration example

Network requirements

As shown in

Figure 459

, configure the AC to perform local EAP authentication and authorization for

802.1X users by using the authentication method EAP-TLS.

Figure 459 Network diagram

Advertising
This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: