eap-method

Specifies the EAP authentication mechanisms supported by each of the service providers associated with this passpoint policy.

Supported on the following devices:

Syntax

eap-method <1-10> [<1-255>|fast|gtc|identity|ikev2|ms-auth|mschapv2|otp|peap|psk|rsa-public-key|
sim|tls|ttls] auth-param [credential|expanded-eap|expanded-inner-eap|inner-eap|non-eap-inner|
tunn-eap-credential|vendor] [cert|hw-token|nfc-secure-elem|none|sim|soft-token|username-password|usim|
vendor]

Parameters

eap-method <1-10> [<1-255>|fast|gtc|identity|ikev2|ms-auth|mschapv2|otp|peap|psk|rsa-public-key|
sim|tls|ttls] auth-param [credential|expanded-eap|expanded-inner-eap|inner-eap|non-eap-inner|
tunn-eap-credential|vendor] [cert|hw-token|nfc-secure-elem|none|sim|soft-token|username-password|usim|
vendor]

eap-method <1-10>

Selects the EAP authentication method used and assigns it an index number
  • <1-10> – Specify an identifier for this EAP method from 1 - 10. The index specified here is applied to this hotspot's EAP credential exchange and verification sessions. NAIs are often user identifiers in the EAP authentication protocol.

A maximum of 10 (ten) authentication methods can be specified for every NAI realm. After creating the EAP authentication method, specify the associated authentication mechanisms (method types).

<1-255>

Identifies the EAP authentication method type by its corresponding IANA (Internet Assigned Numbers Authority) number
  • <1-255> – Specify the IANA identity number for the authentication protocol from 1 - 255.

fast

Specifies the EAP authentication method type as FAST (Flexible Authentication via Secure Tunneling)

gtc

Specifies the EAP authentication method type as GTC (Generic Token Card)

identity

Specifies the EAP authentication method type as Identification

ikev2

Specifies the EAP authentication method type as IKEv2 (Internet Key Exchange Protocol version 2)

ms-auth

Specifies the EAP authentication method type as MS-Auth (Microsoft Authentication)

mschapv2

Specifies the EAP authentication method type as MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol Version 2)

otp

Specifies the EAP authentication method type as OTP (One Time Password)

peap

Specifies the EAP authentication method type as PEAP (Protected Extensible Authentication Protocol)

psk

Specifies the EAP authentication method type as PSK (Pre-shared Key)

rsa-public-key

Specifies the EAP authentication method type as RSA public key protocol

sim

Specifies the EAP authentication method type as GSM SIM (Subscriber Identity Module)

tls

Specifies the EAP authentication method type as TLS (Transport Layer Security)

ttls

Specifies the EAP authentication method type as TTLS (Tunneled Transport Layer Security)

auth-param

After specifying the EAP authentication method type, specify the authentication parameters. These parameters depend on the EAP authentication mechanism selected.

[cert|hw-token|nfc-secure-elem|none|sim|soft-token|username-password|usim|vendor]

The following parameters are common to all the above authentication parameters:
  • cert – Certificate
  • hw-token – Hardware token
  • nfc-secure-elem – NFC secure element
  • none – No credential
  • sim – Subscriber identity module
  • soft-token – Soft token
  • username-password – Username and password
  • usim – Universal subscriber identity module
  • vendor – Vendor specific credential

If setting the authentication type to non-eap-inner, inner-eap, credential, or tunn-eap-credential, define an authentication value that must be shared with the EAP credential validation server resource.

If setting the authentication type to either expanded-eap or expanded-inner-eap, set a required authentication vendor ID that must match the one utilized by the EAP server resource. The ID must be 6 characters in length.

If required, enter 2 - 510 characters of vendor-specific authentication data required for the selected authentication type. Enter the value in the a-fA-F0-9 format.

Provide an authentication vendor type, used exclusively for the expanded-eap or expanded-inner-eap authentication types. The vendor type must be 8 characters in length.

Examples

nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#eap-method 1 ttls auth-param vendor hex 00001E
nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#eap-method 2 rsa-public-key auth-param credential cert
nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#show context
 nai-realm example
  eap-method 1 ttls auth-param vendor hex 00001E
  eap-method 2 rsa-public-key auth-param credential cert
nx9500-6C8809(config-passpoint-policy-test-nai-realm-example)#exit
nx9500-6C8809(config-passpoint-policy-test)#show context
passpoint-policy test
 access-network-type chargeable-public
 connection-capability ip-protocol 2 port 10 closed
 nai-realm example
  eap-method 1 ttls auth-param vendor hex 00001E
  eap-method 2 rsa-public-key auth-param credential cert
 3gpp mcc 505 mnc 14
nx9500-6C8809(config-passpoint-policy-test)#
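
The following is an added example, not part of the original reference and not vendor code: a small Python linter that checks the eap-method lines of saved `show context` output against the index range, keyword lists and hex format given on this page. The names lint_context and SAMPLE are invented here, the `hex <value>` form is taken from the example above, and applying the 2 - 510 character hex rule to that form is an assumption.

```python
import re

# Keyword sets copied from the Syntax line on this page.
METHODS = {"fast", "gtc", "identity", "ikev2", "ms-auth", "mschapv2", "otp",
           "peap", "psk", "rsa-public-key", "sim", "tls", "ttls"}
AUTH_PARAMS = {"credential", "expanded-eap", "expanded-inner-eap", "inner-eap",
               "non-eap-inner", "tunn-eap-credential", "vendor"}
CREDENTIALS = {"cert", "hw-token", "nfc-secure-elem", "none", "sim", "soft-token",
               "username-password", "usim", "vendor"}
HEX = re.compile(r"[a-fA-F0-9]{2,510}")  # hex format and length stated on the page

def lint_context(text):
    """Return (realm, line, problem) tuples for eap-method lines in `show context` output."""
    findings, realm, seen = [], None, set()
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) == 2 and tok[0] == "nai-realm":
            realm, seen = tok[1], set()      # indexes are scoped per NAI realm
            continue
        if not tok or tok[0] != "eap-method":
            continue
        problems = []
        if len(tok) < 6 or tok[3] != "auth-param":
            problems.append("expected: eap-method <index> <method> auth-param <type> <value>")
        else:
            idx, method, ptype, value = tok[1], tok[2], tok[4], tok[5:]
            if not (idx.isdecimal() and 1 <= int(idx) <= 10):
                problems.append("index must be 1-10")
            elif int(idx) in seen:
                problems.append("duplicate index in this NAI realm")
            else:
                seen.add(int(idx))
            if method not in METHODS and not (method.isdecimal() and 1 <= int(method) <= 255):
                problems.append(f"unknown EAP method {method!r}")
            if ptype not in AUTH_PARAMS:
                problems.append(f"unknown auth-param type {ptype!r}")
            if value[0] == "hex":
                if len(value) != 2 or not HEX.fullmatch(value[1]):
                    problems.append("hex value must be 2-510 characters of a-fA-F0-9")
            elif len(value) != 1 or value[0] not in CREDENTIALS:
                problems.append(f"unknown credential type {' '.join(value)!r}")
        findings += [(realm, raw.strip(), p) for p in problems]
    return findings

# Constructed sample: the realm "example" is from this page, the realm "broken" is made up.
SAMPLE = """passpoint-policy test
 nai-realm example
  eap-method 1 ttls auth-param vendor hex 00001E
  eap-method 2 rsa-public-key auth-param credential cert
 nai-realm broken
  eap-method 11 opt auth-param tunneleap-credential sim
  eap-method 3 300 auth-param vendor hex 0G
  eap-method 3 peap auth-param inner-eap password
"""
```

Running lint_context over a configuration backup before it is pushed catches misspelled keywords and out-of-range indexes that the device CLI would otherwise reject line by line.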