====== 802.1x ======
<markdown>
# Cisco IOS
__Server Profile__
```
username <radius-user> password <password>
!
radius server <server>
 address ipv4 <ip> auth-port 1812 acct-port 1813
 automate-tester username <radius-user> ignore-acct-port
 key <key>
!
aaa group server radius <group>
 server name <server>
 ip radius source-interface <interface>
!
ip radius source-interface <interface>
``` 
__AAA Profile__
```
aaa new-model
aaa session-id common
aaa authentication dot1x default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting update newinfo
```
## MAB
__Interface Configuration__
```
interface <interface>
 switchport mode access
 authentication periodic
 authentication port-control auto
 mab
```
__Global Configuration__
```
mab request format attribute 1 groupsize 2 separator : lowercase
authentication mac-move permit
dot1x system-auth-control
```
## CoA
```
aaa server radius dynamic-author
 client <ip> server-key <key>
```
## Dynamic VLAN
__RADIUS Attributes__
```
radius-server attribute 6 on-for-login-auth
radius-server attribute 32 include-in-access-req 
```
# FreeRADIUS
## MAB
__RADIUS Client Configuration__

/etc/raddb/clients.conf
```
client <name> {
    ipv4addr = <ip>
    proto = udp
    secret = <key>
    nas_type = cisco
```
__Users Configuration__

/etc/raddb/users
```
<mac>       Cleartext-Password := "<mac>"
            Tunnel-Type = 13,
            Tunnel-Medium-Type = 6,
            Tunnel-Private-Group-Id = <vlan>
             
DEFAULT        Cleartext-Password := "%{User-Name}"
               Tunnel-Type = 13,
               Tunnel-Medium-Type = 6,
               Tunnel-Private-Group-ID := 999
```
### WPA2/3 EAP-TLS

- https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration

# Linux
## MAB
## EAP-TLS
# OpenVPN RADIUS Plugin
# Go RADIUS

</markdown>