Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

authentication-protocol

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 15.1R3 for EX Series switches.

eap-peap introduced in Junos OS Release 17.2R1.

Description

Specify the protocol to be used by a supplicant to provide authentication credentials for MAC RADIUS authentication. The protocols supported for MAC RADIUS authentication are EAP-MD5, which is the default, Protected Extensible Authentication Protocol (EAP-PEAP), and Password Authentication Protocol (PAP).

Default

If authentication-protocol is not configured, the EAP-MD5 authentication protocol is used for MAC RADIUS authentication.

Options

eap-md5Use the EAP-MD5 protocol for MAC RADIUS authentication. EAP-MD5 is an authentication method belonging to the Extensible Authentication Protocol (EAP) authentication framework. EAP-MD5 uses MD5 to hash the username and password. EAP-MD5 provides for a one-way client authentication. The server sends the client a random request for which the client must provide a response containing an encryption of the request and its password for establishing its identity.
eap-peap <resume>Use the EAP-PEAP protocol, also known as Protected EAP or PEAP, for MAC RADIUS authentication. EAP-PEAP is a protocol that encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel. By encapsulating the authentication process in a TLS tunnel, PEAP addresses the vulnerabilities of an EAP like EAP-MD5.

Syntax: resume—(Optional) Enable faster authentication when reconnecting by resuming the TLS session.

papUse the PAP authentication protocol for MAC RADIUS authentication. PAP provides a simple password-based authentication for users to establish their identity by using a two-way handshake. PAP transmits plaintext passwords over the network without encryption. PAP must be configured if the Lightweight Directory Access Protocol (LDAP), which supports only plaintext passwords for client authentication, is used for RADIUS authentication.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.