eap-end

Function

The eap-end command sets an authentication method for EAP termination defined in the dot1x template.

The undo eap-end command restores the default configuration.

By default, EAP relay mode is adopted for EAP termination and CHAP authentication is used for EAP termination.

eap-end [ chap | pap ]

undo eap-end

Parameter	Description	Value
chap	Enables CHAP authentication for EAP termination. By default, CHAP authentication is used.	-
pap	Enables PAP authentication for EAP termination.	-

Parameter

Description

Value

chap

Enables CHAP authentication for EAP termination. By default, CHAP authentication is used.

pap

Enables PAP authentication for EAP termination.

802.1X template view

2: Configuration level

Task Name	Operations
bas-eap	write

Usage Scenario

802.1X authentication supports two modes: EAP relay mode and EAP termination mode.

In EAP relay mode, the device relays EAP packets between the client and the RADIUS server. The device encapsulates EAPoR packets into EAPoL packets before relaying them to the client or encapsulates EAPoL packets into EAPoR packets before relaying them to the RADIUS server.
In EAP termination mode, the device terminates EAP packets between the client and the RADIUS server. The device maps EAPoL packets to PAP/CHAP packets before sending them to the RADIUS server or maps PAP/CHAP packets to EAPoL packets before sending them to the client. To enable an authentication method for users using the dot1x template for EAP termination, run the eap-end command.

Precautions

In VS mode, this command is supported only by the admin VS.

PAP is not a secure protocol, and CHAP is recommended.

# Set the authentication method for EAP termination to CHAP for users using the dot1x template.

<HUAWEI> system-view
[~HUAWEI] dot1x-template 1
[~HUAWEI-dot1x-template-1] eap-end chap