Specifying an SSL client policy
If PEAP-MSCHAPv2, PEAP-GTC, TTLS-MSCHAPv2, or TTLS-GTC authentication is used, the 802.1X client authentication process has two phases:
First phase: The device acts as an SSL client and negotiates with the SSL server.
The SSL client uses the SSL parameters defined in the specified SSL client policy to establish a connection with the SSL server for negotiation. The SSL parameters include a PKI domain, the supported cipher suites, and the SSL version. For information about SSL client policy configuration, see "Configuring SSL."
Second phase: The device uses the negotiated result to encrypt and transmit the exchanged authentication packets.
If MD5-Challenge authentication is used, the device does not use an SSL client policy during the authentication process.
To specify an SSL client policy on an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
3. Specify an SSL client policy. | dot1x supplicant ssl-client-policy policy-name | By default, an 802.1X client-enabled interface uses the default SSL client policy. |
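
An added example (not from the original document): a Python check over a saved configuration that reports, per interface, whether 802.1X client authentication uses an explicitly specified SSL client policy, falls back to the default one, or (MD5-Challenge) uses none. The `dot1x supplicant eap-method` lines and their keywords, the interface names, and the policy name `dot1x-client` are assumptions made for the sample.

```python
import re

# EAP methods that negotiate an SSL session first, as listed in the section above.
TUNNELED = {"peap-mschapv2", "peap-gtc", "ttls-mschapv2", "ttls-gtc"}

# Constructed sample configuration; interface and policy names are made up.
# The "eap-method" lines and their keywords are an assumption (not on this page).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x supplicant eap-method peap-mschapv2
 dot1x supplicant ssl-client-policy dot1x-client
#
interface GigabitEthernet1/0/2
 dot1x supplicant eap-method ttls-gtc
#
interface GigabitEthernet1/0/3
 dot1x supplicant eap-method md5
 dot1x supplicant ssl-client-policy dot1x-client
#
"""

def audit(config_text):
    """Map each interface with supplicant settings to (eap_method, status)."""
    settings, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
        elif line.strip() == "#":
            current = None  # "#" closes the interface block
        elif current:
            opt = re.match(r"\s+dot1x supplicant (eap-method|ssl-client-policy)\s+(\S+)", line)
            if opt:
                settings.setdefault(current, {})[opt.group(1)] = opt.group(2)
    report = {}
    for name, opts in settings.items():
        method, policy = opts.get("eap-method"), opts.get("ssl-client-policy")
        if method in TUNNELED:
            status = f"explicit policy: {policy}" if policy else "default SSL client policy"
        elif method == "md5":
            status = "policy set but unused (MD5-Challenge)" if policy else "no SSL client policy used"
        else:
            status = "EAP method not in config"
        report[name] = (method, status)
    return report

if __name__ == "__main__":
    for name, (method, status) in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {method} -> {status}")
```

Interfaces reported as using the default SSL client policy are the ones to review against the PKI domain, cipher suites, and SSL version that the intended policy defines.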