802.1x

Cisco

Server Profile

radius server <server>
 address ipv4 <ip> auth-port 1812 acct-port 1813
 key <key>
!
aaa server radius dynamic-author
 client <ip> server-key <key>
!
ip radius source-interface <interface>

AAA Profile

aaa new-model
aaa authentication dot1x default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting update newinfo
aaa session-id common

MAB

Interface Configuration

interface <interface>
 dot1x pae authenticator
 authentication periodic
 authentication port-control auto
 mab

Global Configuration

dot1x system-auth-control

Dynamic VLAN

RADIUS Attributes

radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

EAP-TLS

FreeRADIUS

RADIUS Client Configuration

/etc/raddb/clients.conf

client <name> {
    ipv4addr = <ip>
    proto = udp
    secret = <key>
    nas_type = cisco
}

Users Configuration

/etc/raddb/users

<mac>    Cleartext-Password := "<mac>"
                     Tunnel-Type = 13,
                     Tunnel-Medium-Type = 6,
                     Tunnel-Private-Group-Id = 10
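
Added example (not part of the original wiki page): a Python generator for MAB entries in the layout shown above. It normalises inventory MAC addresses to one format, validates the VLAN ID, and refuses duplicates, because the first matching entry in the users file wins unless Fall-Through is set. Assumptions: the switch sends the MAC as 12 lowercase hex digits without separators for both User-Name and password, and the function names and sample inventory are hypothetical.

```python
import re

# Assumption: the NAS sends the MAC as 12 lowercase hex digits, no separators,
# as both User-Name and User-Password. Adjust if your switch is configured otherwise.
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw: str) -> str:
    """Accept aa:bb:.., AA-BB-.., aabb.ccdd.eeff; return 12 lowercase hex digits."""
    mac = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not _HEX12.fullmatch(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(mac[:2], 16) & 1:  # I/G bit set: multicast or broadcast, never a host
        raise ValueError(f"group address cannot identify a device: {raw!r}")
    return mac


def users_entry(raw_mac: str, vlan: int) -> str:
    """Render one MAB entry with the dynamic VLAN reply attributes."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN id out of range: {vlan}")
    mac = normalize_mac(raw_mac)
    return (
        f'{mac}    Cleartext-Password := "{mac}"\n'
        f"                     Tunnel-Type = 13,\n"
        f"                     Tunnel-Medium-Type = 6,\n"
        f"                     Tunnel-Private-Group-Id = {vlan}\n"
    )


def build_users(inventory):
    """Render entries for (mac, vlan) pairs; a duplicate MAC is an error
    because the second entry would be silently shadowed by the first."""
    seen, out = {}, []
    for raw, vlan in inventory:
        mac = normalize_mac(raw)
        if mac in seen:
            raise ValueError(f"duplicate MAC {mac} (VLANs {seen[mac]} and {vlan})")
        seen[mac] = vlan
        out.append(users_entry(raw, vlan))
    return "\n".join(out)


# Constructed sample inventory (not real devices).
SAMPLE = [("00:11:22:AA:BB:CC", 10), ("0011.22aa.bbdd", 20), ("00-11-22-AA-BB-EE", 10)]

if __name__ == "__main__":
    print(build_users(SAMPLE))
```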

MAB

WPA2/3 EAP-TLS

Linux

MAB

EAP-TLS

OpenVPN RADIUS Plugin

Go RADIUS

technical/8021x.1664195512.txt.gz · Last modified: 2022/09/26 08:31 by jc