
mac-authen authentication-method

Function

The mac-authen authentication-method command configures the authentication mode for MAC address authentication.

The undo mac-authen authentication-method command restores the default configuration.

By default, the authentication mode for MAC address authentication is set to PAP.

Format

mac-authen authentication-method { chap | pap }

undo mac-authen authentication-method

Parameters

| Parameter | Description | Value |
|-----------|-------------|-------|
| chap | Indicates the Challenge Handshake Authentication Protocol (CHAP) authentication mode. | - |
| pap | Indicates the Password Authentication Protocol (PAP) authentication mode. | - |

Views

MAC access profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In MAC address authentication, the access device exchanges RADIUS packets with the authentication server. The PAP and CHAP authentication modes differ as follows:

  • PAP is a two-way handshake authentication protocol. It transmits passwords in plain text format in RADIUS packets.
  • CHAP is a three-way handshake authentication protocol. It transmits only user names, not passwords, in RADIUS packets. CHAP is more secure and reliable than PAP. If high security is required, CHAP is recommended.

By default, the authentication mode for MAC address authentication is set to PAP. The authentication mode can be changed to CHAP for higher security.
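The following Python sketch is an added example, not Huawei code or part of the original page. It builds the credential attribute that each mode places in a RADIUS Access-Request as defined in RFC 2865: the PAP User-Password can be read back by any holder of the RADIUS shared secret, while the CHAP-Password carries only a one-way MD5 response that the server checks against its own copy of the password. The shared secret, password, authenticator and challenge are constructed values, and using the MAC address as the password is an assumption.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"      # RADIUS shared secret (device <-> server)
PASSWORD = b"00e0fc123456"             # assumption: the MAC address doubles as the password
AUTHENTICATOR = bytes(range(16))       # 16-octet Request Authenticator
CHALLENGE = bytes(range(16, 32))       # 16-octet CHAP challenge

def pap_user_password(password, secret, authenticator):
    """PAP: User-Password attribute value (RFC 2865 section 5.2)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def pap_recover(hidden, secret, authenticator):
    """Reverse the hiding, as the server (or any holder of the secret) can."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def chap_password(ident, password, challenge):
    """CHAP: CHAP-Password attribute value (RFC 2865 section 5.3)."""
    id_octet = bytes([ident])
    return id_octet + hashlib.md5(id_octet + password + challenge).digest()

def chap_verify(attr, stored_password, challenge):
    """Server side: recompute the response from its own copy of the password."""
    if len(attr) != 17:
        return False
    expected = chap_password(attr[0], stored_password, challenge)
    return hmac.compare_digest(attr, expected)

if __name__ == "__main__":
    hidden = pap_user_password(PASSWORD, SECRET, AUTHENTICATOR)
    print("PAP recovered with secret:", pap_recover(hidden, SECRET, AUTHENTICATOR))
    attr = chap_password(1, PASSWORD, CHALLENGE)
    print("CHAP verifies:", chap_verify(attr, PASSWORD, CHALLENGE))
```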

Precautions

The authentication server must support CHAP when the authentication mode is set to CHAP.

Example

# In the MAC access profile mac_access_profile, set the authentication mode for MAC address authentication to CHAP.

<HUAWEI> system-view
[HUAWEI] mac-access-profile name mac_access_profile
[HUAWEI-mac-access-profile-mac_access_profile] mac-authen authentication-method chap
Copyright © Huawei Technologies Co., Ltd.