I’m really new to 802.1x but I’m trying to use 802.1x authentication in a wired network. My desktop is Linux (centos) using wpa_supplicant as the supplicant. I’m wondering what key_mgmt/eap is normally used in the wired environment?
I went through http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol but it doesn’t clearly say which method/encapsulation is normally used for wired network. Can anyone give me a hint?
Thanks.
Answer
If you are trying to use 802.1x wired authentication, you really need to first know how the authentication server is configured. It’s hard enough to configure 802.1x clients if you know all the details, and it would be shot-in-the-dark, if you don’t know the authentication method or credentials used.
in 802.1x, your machine runs a “supplicant” which talks to the “authenticator” (typically running on the wired switch it is connected to) this authenticator assists in establishing a secure tunnel with your “supplicant” and also passes your credentials on to the “authentication service” to get a thumbs up or down.
Complicating 802.1x is the fact that there are two parts to the authentication. First a secure tunnel is established (outer method) (Generally using a server credential, e.g. certificate), then the client credentials are passed in the tunnel so they are not exposed as plaintext. There are multiple “inner methods.”
Typical authentication servers could be Microsoft server, free radius, or Cisco. If you at least know what authentication service you are running, it would help. If there are other clients working on your net, look at them!! Who set up the service? If you also know what clients are currently working on your network, you can narrow down the choices, because various clients (supplicants) support only a few types of authentication.
I would also look over this: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386795
Attribution
Source : Link , Question Author : tuma , Answer Author : ssl
