Configures client access based on the EAP type used

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}


eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}
eap-types [allow|deny] Configures a list of allowed or denied EAP types
  • allow – Configures a list of EAP types allowed for WLAN client authentication
  • deny – Configures a list of EAP types not allowed for WLAN client authentication
[aka|all|fast|peap|sim| tls|ttls] The following EAP types are common to the ‘allow‘ and ‘deny‘ keywords:
  • aka – Configures EAP Authentication and Key Agreement (AKA) and EAP-AKA‘ (AKA Prime). EAP-AKA is one of the methods in the EAP authentication framework. It uses Universal Mobile Telecommunications System (UMTS) and Universal Subscriber Identity Module (USIM) for client authentication and key distribution.
  • all – Allows or denies usage of all EAP types on the WLAN
  • fast – Configures EAP Flexible Authentication via Secure Tunneling (FAST). EAP-FAST establishes a Transport Layer Security (TLS) tunnel, to verify client credentials, using Protected Access Credentials (PAC).
  • peap – Configures Protected Extensible Authentication Protocol (PEAP). PEAP or Protected EAP uses encrypted and authenticated TLS tunnel to encapsulate EAP.
  • sim – Configures EAP Subscriber Identity Module (SIM ). EAP-SIM uses Global System for Mobile Communications (GSMC) SIM for client authentication and key distribution.
  • tls – Configures EAP TLS. EAP-TLS is an EAP authentication method that uses PKI to communicate with a RADIUS server or any other authentication server.
  • ttls – Configures Tunneled Transport Layer Security (TTLS). EAP-TTLS is an extension of TLS. Unlike TLS, TTLS does not require every client to generate and install a CA- signed certificate.
  • These options are recursive, and more than one EAP type can be selected. The selected options are added to the allowed or denied EAP types list.


nx9500-6C8809(config-wlan-test)#eap-types allow fast sim tls
nx9500-6C8809(config-wlan-test)#show context
wlan test
 ssid test
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 eap-types allow fast sim tls

Related Commands

no (wlan-config-mode) Reverts to default setting - eap-types allow all