802.1X CHAP local authentication configuration example
Network requirements
As shown in Figure 33, configure the AP to use CHAP to perform 802.1X local authentication for the client.
Figure 34: Network diagram
Configuration procedure
Configure 802.1X and the local client:
# Configure the AP to perform EAP termination and use CHAP.
<AP> system-view [AP] dot1x authentication-method chap
# Add a local network access user with username chap1 and password 123456 in plain text.
[AP] local-user chap1 class network [AP-luser-network-chap1] password simple 123456
# Set the service type to lan-access.
[AP-luser-network-chap1] service-type lan-access [AP-luser-network-chap1] quit
Configure AAA methods for the ISP domain:
# Create an ISP domain named local.
[AP] domain local
# Configure the ISP domain to use local authentication, local authorization, and local accounting for LAN clients.
[AP-isp-local] authentication lan-access local [AP-isp-local] authorization lan-access local [AP-isp-local] accounting lan-access local [AP-isp-local] quit
Configure a service template:
# Create a service template named wlas_local_chap.
[AP] wlan service-template wlas_local_chap
# Set the authentication mode to 802.1X.
[AP-wlan-st-wlas_local_chap] client-security authentication-mode dot1x
# Specify ISP domain local for the service template.
[AP-wlan-st-wlas_local_chap] dot1x domain local
# Set the SSID to wlas_local_chap.
[AP-wlan-st-wlas_local_chap] ssid wlas_local_chap
# Enable the service template.
[AP-wlan-st-wlas_local_chap] service-template enable [AP-wlan-st-wlas_local_chap] quit
Bind the service template to the AP radio.
[AP] interface wlan-radio 0/1 [AP-WLAN-Radio0/1] undo shutdown [AP-WLAN-Radio0/1] service template wlas_local_chap [AP-WLAN-Radio0/1] quit
Verifying the configuration
# Verify the 802.1X configuration.
[AP] display wlan service-template [AP] display dot1x
# Display the client connection information after an 802.1X client passes authentication.
[AP] display dot1x connection