Wireless Controller, Service Platform and Access Point CLI Reference Guide

Configures client access based on the EAP type used

Supported in the following platforms:

Access Points — AP310i/e, AP410i/e, AP460i/e, AP560i/h, AP510i/e, AP505i, AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}

Parameters

eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {(aka|all|fast|peap|sim|tls|ttls)}


eap-types [allow\|deny]	Configures a list of allowed or denied EAP types allow – Configures a list of EAP types allowed for WLAN client authentication deny – Configures a list of EAP types not allowed for WLAN client authentication
[aka\|all\|fast\|peap\|sim\| tls\|ttls]	The following EAP types are common to the ‘allow‘ and ‘deny‘ keywords: aka – Configures EAP Authentication and Key Agreement (AKA) and EAP-AKA‘ (AKA Prime). EAP-AKA is one of the methods in the EAP authentication framework. It uses Universal Mobile Telecommunications System (UMTS) and Universal Subscriber Identity Module (USIM) for client authentication and key distribution. all – Allows or denies usage of all EAP types on the WLAN fast – Configures EAP Flexible Authentication via Secure Tunneling (FAST). EAP-FAST establishes a Transport Layer Security (TLS) tunnel, to verify client credentials, using Protected Access Credentials (PAC). peap – Configures Protected Extensible Authentication Protocol (PEAP). PEAP or Protected EAP uses encrypted and authenticated TLS tunnel to encapsulate EAP. sim – Configures EAP Subscriber Identity Module (SIM ). EAP-SIM uses Global System for Mobile Communications (GSMC) SIM for client authentication and key distribution. tls – Configures EAP TLS. EAP-TLS is an EAP authentication method that uses PKI to communicate with a RADIUS server or any other authentication server. ttls – Configures Tunneled Transport Layer Security (TTLS). EAP-TTLS is an extension of TLS. Unlike TLS, TTLS does not require every client to generate and install a CA- signed certificate. These options are recursive, and more than one EAP type can be selected. The selected options are added to the allowed or denied EAP types list.

Examples

nx9500-6C8809(config-wlan-test)#eap-types allow fast sim tls

nx9500-6C8809(config-wlan-test)#show context
wlan test
 ssid test
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 eap-types allow fast sim tls
nx9500-6C8809(config-wlan-test)#

Related Commands


no (wlan-config-mode)	Reverts to default setting - eap-types allow all