Wireless Controller, Service Platform and Access Point CLI Reference Guide

Specifies the EAP authentication mechanisms supported by each of the service providers associated with this passpoint policy.

Supported in the following platforms:

Access Points — AP410i/e, AP460i/e, AP505i, AP510i/e, AP560i/h, AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

eap-method <1-10> [<1-255>|fast|gtc|identity|ikev2|ms-auth|mschapv2|otp|peap|psk|rsa-public-key|
sim|tls|ttls] auth-param [credential|expanded-eap|expanded-inner-eap|inner-eap|non-eap-inner|
tunn-eap-credential|vendor] [cert|hw-token|nfc-secure-elem|none|sim|soft-token|username-password|usim|
vendor]

Parameters

eap-method <1-10> [<1-255>|fast|gtc|identity|ikev2|ms-auth|mschapv2|otp|peap|psk|rsa-public-key|
sim|tls|ttls] auth-param [credential|expanded-eap|expanded-inner-eap|inner-eap|non-eap-inner|
tunn-eap-credential|vendor] [cert|hw-token|nfc-secure-elem|none|sim|soft-token|username-password|usim|
vendor]


eap-method <1-10>	Selects the EAP authentication method used and assigns it an index number <1-10> – Specify an identifier for this EAP method from 1 - 10. The Index specified here is applied to this hotspot‘s EAP credential exchange and verification sessions. NAIs are often user identifiers in the EAP authentication protocol. A maximum of 10 (ten) authentication methods can be specified for every NAI realm. After creating the EAP authentication method, specify the associated authentication mechanisms (method types).
<1-255>	Identifies the EAP authentication method type from the corresponding IANA (Internet Assigned Numbers Authority number <1-255> – Specify the IANA identity number for the authentication protocol from 1 -255.
fast	Specifies the EAP authentication method type as FAST (Flexible Authentication via Secure Tunneling)
gtc	Specifies the EAP authentication method type as GTC (Generic Token Card)
identity	Specifies the EAP authentication method type as Identification
ikev2	Specifies the EAP authentication method type as IKEv2 (Internet Key Exchange Protocol version 2)
ms-auth	Specifies the EAP authentication method type as MS-Auth (Microsoft Authentication)
mschapv2	Specifies the EAP authentication method type as MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol Version 2)
opt	Specifies the EAP authentication method type as OTP (One Time Password)
peap	Specifies the EAP authentication method type as PEAP (Protected Extensible Authentication Protocol)
psk	Specifies the EAP authentication method type as PSK (Pre-shared Key)
rsa-public-key	Specifies the EAP authentication method type as RSA public key protocol
sim	Specifies the EAP authentication method type as GSM SIM (Subscriber Identity Module)
tls	Specifies the EAP authentication method type as TLS (Transport Layer Security)
ttls	Specifies the EAP authentication method type as TTLS (Tunneled Transport Layer Security)
auth-param	After specifying the EAP authentication method type, specify the authentication parameters. These parameters depend on the EAP authentication mechanism selected.
[cert\|hw-token\| nfc-secure-elem\| none\|sim\|soft-token\| username-password\| usim\|vendor]	The following parameters are common to all the above authentication parameters: cert – Certificate hw-token – Hardware token nfc-secure-elem – NFC secure element none – No credential sim – Subscriber identity module soft-token – Soft token username-password – Username and password usim – Universal subscriber identity module vendor – Vendor specific credential If setting the authentication type to either non-eap-inner, inner-eap, credential, or tunneleap-credential, define an authentication value that must be shared with the EAP credential validation server resource. If setting the authentication type to either expanded-eap or expanded-inner-eap, set a required authentication vendor ID that must match the one utilized by the EAP server resource. The ID must be 6 characters in length. If required, enter a 2 - 510 character vendor-specific authentication data required for the selected authentication type. Enter the value in the a-FA -F0-9 format. Provide an authentication vendor type, used exclusively for the expanded-eap or expanded-inner-eap authentication types. The vendor type must be 8 characters in length.

Examples

nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#eap-method 1 ttls auth-param vendor hex 00001E

nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#eap-method 2 rsa-public-key auth-param credential cert

nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#show context
 nai-realm example
  eap-method 1 ttls auth-param vendor hex 00001E
  eap-method 2 rsa-public-key auth-param credential cert
nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#exit

nx9500-6C8809(config-passpoint-policy-test)#show context
passpoint-policy test
 access-network-type chargeable-public
 connection-capability ip-protocol 2 port 10 closed
 nai-realm example
  eap-method 1 ttls auth-param vendor hex 00001E
  eap-method 2 rsa-public-key auth-param credential cert
 3gpp mcc 505 mnc 14
nx9500-6C8809(config-passpoint-policy-test)#