11-18
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter11 Configuring Authentication Types
Configuring Authentication Types
Creating an EAP Method Profile
Beginning in privileged exec mode, follow these steps to define a new EAP profile:
Use the no command to negate a command or set its defaults.
Use the show eap registrations method command to view the currently available (registered) EAP
methods.
ap#show eap registrations method
Registered EAP Methods:
Method Type Name
4 Auth and Peer MD5
6 Auth and Peer GTC
13 Auth and Peer TLS
17 Auth and Peer LEAP
25 Auth and Peer PEAP
26 Auth and Peer MSCHAPV2
43 Auth and Peer FAST
Use the show eap sessions command to view existing EAP sessions.
Applying an EAP Profile to the Fast Ethernet Interface
This operation normally applies to access points that need to be authenticated against a RADIUS server,
when they are connected to a switch port that is configured to perform 802.1x authentication of
connected devices. The AP will act as a 802.1x client, and will need to provide credentials to be
authenticated.
Beginning in privileged exec mode, follow these steps to apply an EAP profile to the Fast Ethernet
interface:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 eap profile profile name Enter a name for the profile
Step3 description (Optional)—Enter a description for the EAP profile
Step4 method {fast | gtc | leap | md5 |
mschapv2 | peap | tls}
Enter an allowed EAP method or methods.
Note Although they appear as sub-parameters, EAP-GTC,
EAP-MD5, and EAP-MSCHAPV2 are intended as inner
methods for tunneled EAP authentication and should not
be used as the primary authentication method.
Step5 end Return to the privileged EXEC mode.
Step6 copy running config
startup-config
(Optional) Save your entries in the configuration file.