194 CHAPTER 7: AAA C OMMANDS■ protocol — Protocol used for authentication. Specify one of thefollowing:■ eap-md5 — Extensible Authentication Protocol (EAP) withmessage-digest algorithm 5. For wired authentication clients:Uses challenge-response to compare hashesProvides no encryption or integrity checking for the connection■ eap-tls — EAP with Transport Layer Security (TLS):Provides mutual authentication, integrity-protected negotiation,and key exchangeRequires X.509 public key certificates on both sides of theconnectionProvides encryption and integrity checking for the connectionCannot be used with RADIUS server authentication■ peap-mschapv2 — Protected EAP (PEAP) with Microsoft ChallengeHandshake Authentication Protocol version 2 (MS-CHAP-V2). Forwireless clients:Uses TLS for encryption and data integrity checking and server-sideauthenticationProvides MS-CHAP-V2 mutual authenticationOnly the server side of the connection needs a certificate.The wireless client authenticates using TLS to set up an encryptedsession. Then MS-CHAP-V2 performs mutual authentication usingthe specified AAA method.■ pass-through — MSS sends all the EAP protocol processing to aRADIUS server.EAP-MD5 does not work with Microsoft wired authenticationclients.■ method1, method2, method3, method4 — At least one and up to fourmethods that MSS uses to handle authentication. Specify one or moreof the following methods in priority order. MSS applies multiplemethods in the order you enter them.A method can be one of the following:
