生まれ変わる - umarekawaru

User Tools

Site Tools

Trace: web technical boot
technical:8021x

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
technical:8021x [2022/09/26 08:29] – [FreeRADIUS] jctechnical:8021x [2024/12/14 09:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== 802.1x ======
 <markdown> <markdown>
-# 802.1x +# Cisco IOS
-## Cisco+
 __Server Profile__ __Server Profile__
 ``` ```
 +username <radius-user> password <password>
 +!
 radius server <server> radius server <server>
  address ipv4 <ip> auth-port 1812 acct-port 1813  address ipv4 <ip> auth-port 1812 acct-port 1813
 + automate-tester username <radius-user> ignore-acct-port
  key <key>  key <key>
 ! !
-aaa server radius dynamic-author +aaa group server radius <group> 
- client <ip> server-key <key>+ server name <server> 
 + ip radius source-interface <interface>
 ! !
 ip radius source-interface <interface> ip radius source-interface <interface>
Line 16: Line 20:
 ``` ```
 aaa new-model aaa new-model
 +aaa session-id common
 aaa authentication dot1x default group radius aaa authentication dot1x default group radius
 aaa accounting dot1x default start-stop group radius aaa accounting dot1x default start-stop group radius
 aaa accounting update newinfo aaa accounting update newinfo
-aaa session-id common 
 ``` ```
-### MAB+## MAB
 __Interface Configuration__ __Interface Configuration__
 ``` ```
 interface <interface> interface <interface>
- dot1x pae authenticator+ switchport mode access
  authentication periodic  authentication periodic
  authentication port-control auto  authentication port-control auto
Line 32: Line 36:
 __Global Configuration__ __Global Configuration__
 ``` ```
 +mab request format attribute 1 groupsize 2 separator : lowercase
 +authentication mac-move permit
 dot1x system-auth-control dot1x system-auth-control
 ``` ```
-### Dynamic VLAN+## CoA 
 +``` 
 +aaa server radius dynamic-author 
 + client <ip> server-key <key> 
 +``` 
 +## Dynamic VLAN
 __RADIUS Attributes__ __RADIUS Attributes__
 ``` ```
 radius-server attribute 6 on-for-login-auth radius-server attribute 6 on-for-login-auth
-radius-server attribute include-in-access-req +radius-server attribute 32 include-in-access-req 
-radius-server attribute 25 access-request include+
 ``` ```
-## EAP-TLS +FreeRADIUS 
-## FreeRADIUS+## MAB
 __RADIUS Client Configuration__ __RADIUS Client Configuration__
-Edit /etc/raddb/clients.conf 
-``` 
-__Users Configuration__ 
-``` 
-<mac>    Cleartext-Password := "<mac>" 
-                     Tunnel-Type = 13, 
-                     Tunnel-Medium-Type = 6, 
-                     Tunnel-Private-Group-Id = 10 
  
 +/etc/raddb/clients.conf
 ``` ```
 client <name> { client <name> {
Line 60: Line 63:
     nas_type = cisco     nas_type = cisco
 ``` ```
-### MAB+__Users Configuration__ 
 + 
 +/etc/raddb/users 
 +``` 
 +<mac>       Cleartext-Password := "<mac>" 
 +            Tunnel-Type = 13, 
 +            Tunnel-Medium-Type = 6, 
 +            Tunnel-Private-Group-Id = <vlan> 
 +              
 +DEFAULT        Cleartext-Password := "%{User-Name}" 
 +               Tunnel-Type = 13, 
 +               Tunnel-Medium-Type = 6, 
 +               Tunnel-Private-Group-ID := 999 
 +```
 ### WPA2/3 EAP-TLS ### WPA2/3 EAP-TLS
  
 - https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration - https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration
  
-## Linux +# Linux 
-### MAB +## MAB 
-### EAP-TLS +## EAP-TLS 
-## OpenVPN RADIUS Plugin +# OpenVPN RADIUS Plugin 
-## Go RADIUS+# Go RADIUS
  
-</markdown +</markdown>
->+
  
technical/8021x.1664195383.txt.gz · Last modified: 2022/09/26 08:29 by jc

Page Tools