Table of Contents
Field
Anonymous
identifier
SSL client policy
FSM state
EAPOL-Start
packets
dot1x supplicant anonymous identify
Use dot1x supplicant anonymous identify to configure an 802.1X client anonymous identifier.
Use undo dot1x supplicant anonymous identify to restore the default.
Syntax
dot1x supplicant anonymous identify identifier
undo dot1x supplicant anonymous identify
Default
No 802.1X client anonymous identifier exists.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
identifier: Specifies an 802.1X client anonymous identifier, a case-sensitive string of 1 to 253
characters.
Usage guidelines
At the first authentication phase, packets sent to the authenticator are not encrypted. The use of an
802.1X client anonymous identifier prevents the 802.1X client username from being disclosed at the
first phase. The 802.1X client-enabled device sends the anonymous identifier to the authenticator
instead of the 802.1X client username. The 802.1X client username will be sent to the authenticator
in encrypted packets at the second phase.
If no 802.1X client anonymous identifier is configured, the device sends the 802.1X client username
in the first phase.
The configured 802.1X client anonymous identifier takes effect only if one of the following EAP
authentication methods is used:
•
PEAP-MSCHAPv2.
•
PEAP-GTC.
•
TTLS-MSCHAPv2.
Description
802.1X client anonymous identifier.
SSL client policy used by the 802.1X client feature.
802.1X client authentication state:
•
Init—The authentication process starts.
•
Connecting—The 802.1X client is connecting to the authenticator.
•
Authenticating—The 802.1X client is being authenticated.
•
Authenticated—The 802.1X client has been authenticated.
•
Held—The 802.1X client is waiting for authentication.
Number of sent EAPOL-Start packets.
690
Table of Contents
