802.1x

Cisco

Server Profile

username <radius-user> password <password>
!
radius server <server>
 address ipv4 <ip> auth-port 1812 acct-port 1813
 automate-tester username <radius-user> ignore-acct-port
 key <key>
!
aaa group server radius <group>
 server name <server>
 ip radius source-interface <interface>
!
aaa server radius dynamic-author
 client <ip> server-key <key>
!
ip radius source-interface <interface>

AAA Profile

aaa new-model
aaa authentication dot1x default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting update newinfo
aaa server radius dynamic-author
aaa session-id common

MAB

Interface Configuration

interface <interface>
 authentication periodic
 authentication port-control auto
 mab

Global Configuration

mab request format attribute 1 groupsize 2 separator : lowercase
dot1x system-auth-control

Dynamic VLAN

RADIUS Attributes

radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

EAP-TLS

FreeRADIUS

MAB

RADIUS Client Configuration

/etc/raddb/clients.conf

client <name> {
    ipv4addr = <ip>
    proto = udp
    secret = <key>
    nas_type = cisco
}

Users Configuration

/etc/raddb/users

<mac>       Cleartext-Password := "<mac>"
            Tunnel-Type = 13,
            Tunnel-Medium-Type = 6,
            Tunnel-Private-Group-Id = <vlan>
             
DEFAULT        Cleartext-Password := "%{User-Name}"
               Tunnel-Type = 13,
               Tunnel-Medium-Type = 6,
               Tunnel-Private-Group-ID := 999
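
Added example, not part of the original page: the switch's "mab request format attribute 1 groupsize 2 separator : lowercase" line means each <mac> key in /etc/raddb/users has to be written as aa:bb:cc:dd:ee:ff, so this Python script normalizes an inventory of MAC addresses to that form and renders the per-MAC entries. The function names and the sample inventory are constructed for illustration, and it assumes the switch sends the same formatted MAC as the password, as the users entry above implies.

```python
import re

def normalize_mac(raw):
    """Return raw as aa:bb:cc:dd:ee:ff, the form the switch sends with
    'mab request format attribute 1 groupsize 2 separator : lowercase'."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def users_entry(raw_mac, vlan):
    """Render one users-file entry in the layout used on this page."""
    if isinstance(vlan, bool) or not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range 1-4094: {vlan!r}")
    mac = normalize_mac(raw_mac)
    return (f'{mac}\tCleartext-Password := "{mac}"\n'
            "\tTunnel-Type = 13,\n"
            "\tTunnel-Medium-Type = 6,\n"
            f"\tTunnel-Private-Group-Id = {vlan}\n")

def build_users(inventory):
    """Render all entries, rejecting duplicate MACs: without Fall-Through the
    users file stops at the first match, so a second entry never applies."""
    seen = {}
    entries = []
    for raw_mac, vlan in inventory:
        mac = normalize_mac(raw_mac)
        if mac in seen:
            raise ValueError(f"{raw_mac!r} duplicates {seen[mac]!r}")
        seen[mac] = raw_mac
        entries.append(users_entry(raw_mac, vlan))
    return "\n".join(entries)

# Constructed sample inventory (MACs from the RFC 7042 documentation range),
# written in the colon, Cisco dotted and hyphenated notations.
SAMPLE_INVENTORY = [
    ("00:00:5E:00:53:01", 10),
    ("0000.5e00.5302", 20),
    ("00-00-5E-00-53-03", 30),
]

if __name__ == "__main__":
    print(build_users(SAMPLE_INVENTORY))
```

The generated entries belong ahead of the DEFAULT entry, which matches every request and would otherwise be reached first.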

WPA2/3 EAP-TLS

Linux

MAB

EAP-TLS

OpenVPN RADIUS Plugin

Go RADIUS

technical/8021x.1664454006.txt.gz · Last modified: 2022/09/29 08:20 by jc