802.1X CHAP local authentication configuration example

Network requirements

As shown in Figure 33, configure the AP to use CHAP to perform 802.1X local authentication for the client.

Figure 34: Network diagram

Configuration procedure

  1. Configure 802.1X and the local client:

    # Configure the AP to perform EAP termination and use CHAP.

    <AP> system-view
    [AP] dot1x authentication-method chap
    

    # Add a local network access user with username chap1 and password 123456 in plain text.

    [AP] local-user chap1 class network
    [AP-luser-network-chap1] password simple 123456
    

    # Set the service type to lan-access.

    [AP-luser-network-chap1] service-type lan-access
    [AP-luser-network-chap1] quit
    
  2. Configure AAA methods for the ISP domain:

    # Create an ISP domain named local.

    [AP] domain local
    

    # Configure the ISP domain to use local authentication, local authorization, and local accounting for LAN clients.

    [AP-isp-local] authentication lan-access local
    [AP-isp-local] authorization lan-access local
    [AP-isp-local] accounting lan-access local
    [AP-isp-local] quit
    
  3. Configure a service template:

    # Create a service template named wlas_local_chap.

    [AP] wlan service-template wlas_local_chap
    

    # Set the authentication mode to 802.1X.

    [AP-wlan-st-wlas_local_chap] client-security authentication-mode dot1x
    

    # Specify ISP domain local for the service template.

    [AP-wlan-st-wlas_local_chap] dot1x domain local
    

    # Set the SSID to wlas_local_chap.

    [AP-wlan-st-wlas_local_chap] ssid wlas_local_chap
    

    # Enable the service template.

    [AP-wlan-st-wlas_local_chap] service-template enable
    [AP-wlan-st-wlas_local_chap] quit
    
  4. Bind the service template to the AP radio.

    [AP] interface wlan-radio 0/1
    [AP-WLAN-Radio0/1] undo shutdown
    [AP-WLAN-Radio0/1] service template wlas_local_chap
    [AP-WLAN-Radio0/1] quit
    

Verifying the configuration

# Verify the 802.1X configuration.

[AP] display wlan service-template
[AP] display dot1x

# Display the client connection information after an 802.1X client passes authentication.

[AP] display dot1x connection