HP MSR2000/3000/4000 Router Series Security Command Reference
authentication with the RADIUS server. In this mode the RADIUS server supports only
MD5-Challenge EAP authentication, and "username+password" EAP authentication initiated by an
iNode client.
○ PAP transports usernames and passwords in plain text. The authentication method applies to
scenarios that do not require high security. To use PAP, the client can be an HP iNode 802.1X
client.
○ CHAP transports the username in plain text and the password in encrypted form over the
network. It is more secure than PAP.
• In EAP relay mode—The access device relays EAP messages between the client and the RADIUS
server. The EAP relay mode supports multiple EAP authentication methods, such as MD5-Challenge,
EAP-TLS, and PEAP. To use this mode, you must make sure the RADIUS server supports the
EAP-Message and Message-Authenticator attributes, and uses the same EAP authentication method
as the client. If this mode is used, the user-name-format command configured in RADIUS scheme
view does not take effect. For more information about the user-name-format command, see
"RADIUS commands."
If RADIUS authentication is used, you must configure the network access device to use the same
authentication method (PAP, CHAP, or EAP) as the RADIUS server.
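The following added example (not part of the HP manual) shows what support for the Message-Authenticator attribute means on the RADIUS side in EAP relay mode: the attribute is an HMAC-MD5 over the whole Access-Request, keyed with the shared secret, as defined in RFC 3579. The function names, the shared secret, and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RFC 3579 attribute types

def build_access_request(ident, req_auth, attrs, secret):
    """Build an Access-Request (code 1) with Message-Authenticator filled in."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    body += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    packet = bytearray(struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body)
    # HMAC-MD5 over the whole packet while the value field is still 16 zero octets.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_message_authenticator(packet, secret):
    """Check an Access-Request; True only if the attribute is present and valid."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    buf = bytearray(packet[:length])          # ignore padding after Length
    pos, received = 20, None
    while pos < length:
        if pos + 2 > length:
            return False                      # dangling octet
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > length:
            return False                      # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or received is not None:
                return False                  # wrong size or duplicated
            received = bytes(buf[pos + 2:pos + 18])
            buf[pos + 2:pos + 18] = bytes(16) # zero the value before recomputing
        pos += alen
    if received is None:
        return False                          # missing attribute: discard the packet
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

# Constructed sample: EAP-Response/Identity for "alice" relayed in one EAP-Message.
SECRET = b"constructed-shared-secret"
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE = build_access_request(7, bytes(range(16)),
                              [(1, b"alice"), (EAP_MESSAGE, EAP_IDENTITY)], SECRET)

if __name__ == "__main__":
    print(verify_message_authenticator(SAMPLE, SECRET))          # valid packet
    print(verify_message_authenticator(SAMPLE, b"other-secret")) # secret mismatch
```

This covers Access-Request packets only; for replies, RFC 3579 computes the HMAC with the Request Authenticator of the matching request in place of the reply's own Authenticator field.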
Examples
# Enable the access device to terminate EAP packets and perform PAP authentication with the RADIUS
server.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Related commands
display dot1x
dot1x handshake
Use dot1x handshake to enable the online user handshake function.
Use undo dot1x handshake to disable the function.
Syntax
dot1x handshake
undo dot1x handshake
Default
The online user handshake function is enabled.
Views
Layer 2 Ethernet Interface view
Predefined user roles
network-admin
Usage guidelines
The online user handshake function enables the device to periodically (set with the dot1x timer
handshake-period command) send handshake messages to the client to verify the connectivity status of
online 802.1X users. If no response is received from an online user after the maximum number of