Specifications
set authentication dot1x
Chapter 9
AAA Commands
210
protocol Protocol used for authentication. Specify one of the following:
• eap-tls—EAP with Transport Layer Security (TLS):
• Provides mutual authentication, integrity-protected
negotiation, and key exchange
• Requires X.509 public key certificates on both sides of the
connection
• Provides encryption and integrity checking for the
connection
• Cannot be used with RADIUS server authentication
(requires user information to be in the UNIVERGE WL
Controller local database)
• peap-mschapv2—Protected EAP (PEAP) with Microsoft
Challenge Handshake Authentication Protocol version 2
(MS-CHAP-V2). For wireless clients:
• Uses TLS for encryption and data integrity checking and
server-side authentication
• Provides MS-CHAP-V2 mutual authentication
• Only the server side of the connection needs a certificate.
The wireless client authenticates using TLS to set up an
encrypted session. Then MS-CHAP-V2 performs mutual
authentication using the specified AAA method.
• pass-through—UNIVERGE WL Control System sends all
the EAP protocol processing to a RADIUS server.
method1
method2
method3
method4
At least one and up to four methods that UNIVERGE WL Control
System uses to handle authentication. Specify one or more of the
following methods in priority order. UNIVERGE WL Control
System applies multiple methods in the order you enter them.
A method can be one of the following:
• local—Uses the local database of usernames and user groups
on the UNIVERGE WL Controller for authentication.
• server-group-name—Uses the defined group of RADIUS
servers for authentication. You can enter up to four names of
existing RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.
For more information, see “Usage.”