Enabling EAP relay or EAP termination

When configuring EAP relay or EAP termination, consider the following factors:

If the client uses only MD5-Challenge EAP authentication or the "username + password" EAP authentication initiated by an HPE iNode 802.1X client, you can use either EAP termination or EAP relay. To use EAP-TLS, PEAP, or any other EAP authentication method, you must use EAP relay. For help with this decision, see "A comparison of EAP relay and EAP termination."

For more information about EAP relay and EAP termination, see "802.1X authentication procedures."

To configure EAP relay or EAP termination:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Configure EAP relay or EAP termination.
  Command: dot1x authentication-method { chap | eap | pap }
  Remarks: By default, the network access device performs EAP termination and uses CHAP to communicate with the RADIUS server.
    Specify the eap keyword to enable EAP relay.
    Specify the chap or pap keyword to enable CHAP-enabled or PAP-enabled EAP termination.


NOTE:

If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not take effect. The access device sends the authentication data from the client to the server without any modification.
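
The following check is an added example, not HPE code: it reads a saved device configuration, works out the effective dot1x authentication method (chap when the command is absent), and reports the two conditions described above: clients that need EAP relay while the device terminates EAP, and a user-name-format setting that is ignored under EAP relay. The sample configuration is constructed, the client-method labels are hypothetical, and the layout is assumed to match display current-configuration output.

```python
import re

# Client methods the page says also work with EAP termination (labels are hypothetical).
TERMINATION_OK = {"md5-challenge", "inode-username-password"}

# Constructed sample, laid out like "display current-configuration" output.
SAMPLE_CONFIG = """#
 dot1x
 dot1x authentication-method eap
#
radius scheme rs1
 primary authentication 192.0.2.10
 user-name-format without-domain
#
"""

def effective_method(config):
    """Configured dot1x method; an absent command means the default, chap."""
    m = re.search(r"^[ \t]*dot1x authentication-method (chap|eap|pap)[ \t]*$", config, re.M)
    return m.group(1) if m else "chap"

def radius_name_formats(config):
    """Map each RADIUS scheme name to the user-name-format set in its view."""
    formats, scheme = {}, None
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):  # an unindented line opens a new view
            m = re.match(r"radius scheme (\S+)", line)
            scheme = m.group(1) if m else None
        elif scheme and (m := re.match(r"\s+user-name-format (\S+)", line)):
            formats[scheme] = m.group(1)
    return formats

def audit(config, client_methods):
    """Return findings for the given config and the EAP methods clients will use."""
    findings, method = [], effective_method(config)
    need_relay = sorted(c for c in client_methods if c.lower() not in TERMINATION_OK)
    if method != "eap" and need_relay:
        findings.append(f"EAP termination ({method}) cannot carry {', '.join(need_relay)}; "
                        "set 'dot1x authentication-method eap'")
    if method == "eap":
        for scheme, fmt in radius_name_formats(config).items():
            findings.append(f"user-name-format {fmt} in RADIUS scheme {scheme} "
                            "has no effect under EAP relay")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"PEAP"}):
        print(finding)
```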