Wired 802.1x Authentication
Overview
This page allows you to configure wired IEEE 802.1x settings.
Please be aware that if you do not correctly specify these options when configuring your network device, it will not be able to connect to the IEEE 802.1x network.
Please refer to the information below to see which authentication method your network device supports by using IEEE 802.1x.
Authentication Method
This device supports the following methods using IEEE 802.1x:
- EAP-MD5
- EAP-FAST/PEAP/EAP-TTLS
- EAP-TLS
EAP-MD5
EAP-MD5 (Extensible Authentication Protocol-Message Digest 5) uses user ID and client certificate for authentication.
EAP-FAST
PEAP
EAP-TTLS
Cisco® EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)/ PEAP (Protected Extensible Authentication Protocol) /EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security) uses user ID and password for authentication.You can verify the server Certificate using the CA certificate.
EAP-TLS
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) defined in RFC 5216. which uses user ID and client Certificate for authentication.You can verify the server Certificate using the CA certificate.
Inner Authentication Method
You need to specify one of the inner authentication methods according to the one you selected.
This device supports the following inner authentication methods:
- NONE
- MS-CHAPv2
- GTC
- MS-CHAP
- CHAP
- PAP
NONE
MS-CHAPv2 is used for Provisioning, and the method for EAP-FAST corresponding to second phase authentication method.
MS-CHAPv2
MS-CHAPv2(Microsoft-Challenge Handshake Authentication Protocol version 2) is Internal Authentication Method for EAP-FAST/PEAP/EAP-TTLS.
GTC
GTC(Generic Token Card) is Internal Authentication Method for EAP-FAST/PEAP.
MS-CHAP
MS-CHAP(Microsoft-Challenge Handshake Authentication Protocol) is Internal Authentication Method for EAP-TTLS.
CHAP
CHAP(Challenge Handshake Authentication Protocol) is Internal Authentication Method for EAP-TTLS.
PAP
PAP(Password Authentication Protocol) is Internal Authentication Method for EAP-TTLS.
User ID
Set the User ID to use 802.1x Authentication.
Password
Set the Password to use 802.1x Authentication.(It is not necessary to set the Password for EAP-TLS.)
Client Certificate
Select the Client Certificate to use EAP-TLS.You must set the Client Certificate on the "Configure Certificate" page beforehand.
(It is not necessary to Select the Client Certificate , except for EAP-TLS. )
Server Certificate Verification
Select the server certificate verification method.(you do not have to select this method when you use EAP-MD5.)
No Verification
You trust the Server Certificate without verification.
CA Cert.
The server certificate issued by the CA is verified by the CA certificate installed in this device.
In order to use a CA certificate, you need to set it in the "Configure Certificate" page beforehand.
CA Cert. + ServerID
The Server Certificate (issued by the CA using the CA Certificate installed in this machine) and Common Name (Server ID) are verified. Please note that you must set the CA Certificate on the "Configure Certificate" page beforehand.
Server ID
Set the Server ID to use Server Certificate Verification. The Server ID is the Common Name of the Server Certificate.
Certificate
If you use the Client Certificate or the CA Certificate, you must set the CA Certificate on the "Certificate" page beforehand.