HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 99

{ PAP transports usernames and passwords in plain text. The authentication method applies to scenarios that do not require high security. To use PAP, the client can be an HP iNode 802.1X client. { CHAP transports username in plaintext and encrypted password over the network. It is more secure than PAP. • In EAP relay mode-The access device relays EAP messages between the client and the RADIUS server. The EAP relay mode supports multiple EAP authentication methods, such as MD5-Challenge, EAP-TL, and PEAP. To use this mode, you must make sure the RADIUS server supports the EAP-Message and Message-Authenticator attributes, and uses the same EAP authentication method as the client. If this mode is used, the user-name-format command configured in RADIUS scheme view does not take effect. For more information about the user-name-format command, see "RADIUS commands." Examples # Enable the access device to terminate EAP packets and perform PAP authentication with the RADIUS server. system-view [Sysname] dot1x authentication-method pap Related commands display dot1x dot1x handshake Use dot1x handshake to enable the online user handshake function. Use undo dot1x handshake to disable the function. Syntax dot1x handshake undo dot1x handshake Default The online user handshake function is enabled. Views Ethernet Interface view Predefined user roles network-admin Usage guidelines The online user handshake function enables the device to periodically (set with the dot1x timer handshake-period command) send handshake messages to the client to verify the connectivity status of online 802.1X users. If no response is received from an online user after the maximum number of handshake attempts (set by the dot1x retry command) has been made, the network access device sets the user in the offline state. Examples # Enable the online user handshake function on Ten-GigabitEthernet 1/1/6. system-view 90