The following examples show configurations for physical interfaces with DHCP and various 802.1X authentication methods. These can be used with the POST /interface/ monitoring point API endpoint. Also, note that:

  • For certificate and key file names, you only have to specify the file name, not the path.
  • You should omit any fields that are not required. For example, depending on the authentication server being used, wpa_phase1 may not be required.
  • For each example, all fields except the last require a comma at the end. The last field must not have a comma.

PEAP / EAP-MSCHAPV2

{
  "method": "dhcp",
  "name": "<interface_name>",
  "wpa_key_mgmt": "IEEE8021X",
  "wpa_identity": "<username>",
  "wpa_password": "<password>",
  "wpa_anonymous_identity": "<anonymous identity>",
  "wpa_eap": "PEAP",
  "wpa_ca_cert": "<ca cert file>",
  "wpa_phase1": "peapver=0",
  "wpa_phase2": "auth=MSCHAPV2"
}

PEAP / EAP-TLS

{
  "method": "dhcp",
  "name": "<interface name>",
  "wpa_key_mgmt": "IEEE8021X",
  "wpa_identity": "<username>",
  "wpa_password": "<password>",
  "wpa_anonymous_identity": "<anonymous identity>",
  "wpa_eap": "PEAP",
  "wpa_phase1": "peapver=0",
  "wpa_ca_cert": "<ca cert file>",
  "wpa_client_cert": "<client cert file>",
  "wpa_private_key": "<client private key file>",
  "wpa_private_key_passwd": "<client private key password>",
  "wpa_phase2": "auth=TLS",
  "wpa_ca_cert2": "<ca cert file2>",
  "wpa_client_cert2": "<client cert file2>",
  "wpa_private_key2": "<client private key file2>"
}

EAP-TLS

{
  "method": "dhcp",
  "name": "<interface name>",
  "wpa_key_mgmt": "IEEE8021X",
  "wpa_identity": "<username>",
  "wpa_password": "<password>",
  "wpa_eap": "TLS",
  "wpa_ca_cert": "<ca cert file>",
  "wpa_client_cert": "<client cert file>",
  "wpa_private_key": "<client private key file>",
  "wpa_private_key_passwd": "<client private key password>"
}

EAP-MD5

This configuration is not recommended due to weak security of MD5.

{
  "method": "dhcp",
  "name": "<interface_name>",
  "wpa_key_mgmt": "IEEE8021X",
  "wpa_identity": "<username>",
  "wpa_password": "<password>",
  "wpa_eap": "MD5"
}