eap-types
Configures client access based on the
EAP type used
Supported on the following devices:
- Access Points:
AP3000/X, AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP7602, AP7612, AP7622, AP7632,
AP7662, AP8163, AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
Syntax
eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}
Parameters
eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}
eap-types [allow|deny] |
Configures a list of allowed or denied EAP types
- allow – Configures a
list of EAP types allowed for WLAN client authentication
- deny – Configures a
list of EAP types not allowed for WLAN client authentication
|
[aka|all|fast|peap|sim| tls|ttls] |
The following EAP types are common to the ‘allow‘ and ‘deny‘
keywords:
- aka – Configures EAP
Authentication and Key Agreement (AKA) and EAP-AKA‘ (AKA
Prime). EAP-AKA is one of the methods in the EAP authentication
framework. It uses Universal Mobile Telecommunications System
(UMTS) and Universal Subscriber Identity Module (USIM) for
client authentication and key distribution.
- all – Allows or denies
usage of all EAP types on the WLAN
- fast – Configures EAP
Flexible Authentication via Secure Tunneling (FAST).
EAP-FAST establishes a Transport Layer Security (TLS) tunnel,
to verify client credentials, using Protected Access Credentials
(PAC).
- peap – Configures
Protected Extensible Authentication Protocol (PEAP). PEAP or
Protected EAP uses encrypted and authenticated TLS tunnel to
encapsulate EAP.
- sim – Configures EAP
Subscriber Identity Module (SIM ). EAP-SIM uses Global
System for Mobile Communications (GSMC) SIM for client
authentication and key distribution.
- tls – Configures EAP
TLS. EAP-TLS is an EAP authentication method that uses PKI to
communicate with a RADIUS server or any other authentication
server.
- ttls – Configures
Tunneled Transport Layer Security (TTLS). EAP-TTLS is an
extension of TLS. Unlike TLS, TTLS does not require every client to
generate and install a CA- signed certificate.
- These options are
recursive, and more than one EAP type can be selected. The selected
options are added to the allowed or denied EAP types list.
|
Examples
nx9500-6C8809(config-wlan-test)#eap-types allow fast sim tls
nx9500-6C8809(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type none
authentication-type none
eap-types allow fast sim tls
nx9500-6C8809(config-wlan-test)#