Questions tagged [802.1]
IEEE Standard for port-based Network Access Control
141 questions
0
votes
1
answer
203
views
FreeRadius EAP-TLS with Windows Client looping request
I have a FreeRadius 3.0 setup with EAP-TLS only configuration using the test CA, server cert and client cert supplied in the FreeRadius package.
CA.der is installed in Trusted Root Authority Store.
...
1
vote
1
answer
257
views
802.1X Chicken or the Egg?
I'm reading about 802.1X and WPA-2 Enterprise and how to set up it. I've read briefly about the different EAPs and understand that EAP-TLS is the better method of authentication due to the use of ...
0
votes
1
answer
609
views
Can a Linux box be configured with IEEE 802.1x while grabbing the info from a Windows box?
A managed Windows device can join the wired network of my corporate company, while a personal Linux one can't.
As far as I understand, this is possible thanks to IEEE 802.1x standard.
Looking at the ...
- 155
0
votes
1
answer
14k
views
Vlan manager does not automatically disable macs
I want to implement a client infrastructure where the devices connect to the network in different vlan.
I installed a freeradius server connected to our Active Directory. I have enabled the switches ...
- 1
1
vote
3
answers
2k
views
Is it possible to apply firewall on LAN to LAN packets with just PfSense and a layer 2 switch?
Is it possible to apply firewall rules on LAN to LAN packets?
Imagine the following architecture:
To get a valid IP, the clients must authenticate to PfSense LAN network using 802.1x against the ...
0
votes
0
answers
630
views
Can NPS, RADIUS, and 802.1x Assign Multiple VLANs To A Single User?
I will be using Network Policy Server (NPS) with a RADIUS server to assign each user to a VLAN when they successfully authenticate to the network using 802.1x. In Active Directory Directory Services (...
- 227
0
votes
1
answer
90
views
Some Macs not authorizing via 802.1x
Hello I have a really weird issue with some macs not being able to connect to 801.1x in some areas on campus. They however can connect in other places on campus. The configs for both switches are the ...
1
vote
1
answer
3k
views
802.1x and windows 10 domain authentication
Our site has had this problem for over a year now...(off and on).
After PXE imaging a computer via network MAB authentication, the image finishes fine, but once it gets on the domain via the ...
- 93
1
vote
2
answers
12k
views
How to uncheck the Validate server certificate option on the Authentication tab in the Network Connection on windows 10 via command line?
To deploy 802.1X configuration among lots of windows 10 workstations I'm looking for a way to uncheck the Validate server certificate option on the Authentication tab in the Network Connection on ...
- 113
-2
votes
1
answer
308
views
Implement 802.1x PAE in a linux server with one NIC [closed]
I want secure my computers network and I want implement some mechanism that prevent an unauthorized PC to connect to my servers (without use filter by MAC or IP, that is very weak).
So my network has ...
0
votes
1
answer
174
views
(Mass-)configure network interface for 802.1X EAP-TLS, no Windows Domain
I'm trying to prepare a decent amount of Windows 7 computers for wired 802.1X deployment. I have it working already in a test setup, but I need automation.
There are two prerequisites; a) enabling a ...
- 141
1
vote
1
answer
5k
views
How to enable 802.1x EAP-TTLS with PAP in Windows 7?
By default, Windows 7 doesn't support EAP-TTLS authentication method natively. If I enable IEEE 802.1X authentication in Windows 7, I can see only two authentication methods:
Microsoft smart cards or ...
- 31
0
votes
1
answer
76
views
Will an IIS SelfSSL certificate still be valid when the signing server is replaced?
Will my 10 year valid self-signed certificate, that is using a common name not resembling any hostname, still be valid/trusted by others in the AD, after the signing server is replaced in maybe a few ...
- 1
1
vote
0
answers
1k
views
802.1x - automatic fallback from EAP-TLS to EAP-PEAP for Windows 10 clients?
802.1x authentication is enabled on our switch access ports and wireless APs. RADIUS requests are sent to a Server 2012R2 NPS server.
This NPS server has two network policies configured:
...
- 51
1
vote
1
answer
812
views
802.1x Wifi with Disabled AD Account
I have setup an NPS Server (Windows Server 2016) which uses RADIUS to allow my users to authenticate against AD for their Wireless Connections.
When I disable an account in AD, NPS will not allow the ...
- 31
2
votes
1
answer
9k
views
Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x
I'm using FreeRadius with a Ubitquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP).
I'd like to ...
- 61
3
votes
0
answers
189
views
Active Directory expired certs causing issues with 802.1x authentication
We are in the process of rolling out 802.1x in our environment. With that said, there are quite a few clients that revert back to an older (expired) certificate which prevents them from ...
- 31
1
vote
0
answers
767
views
802.1x Wifi with NPS Server, using EAP-PEAP and a certificate for Authentication
I don't know if what I am trying to do is possible but here we go.
I have a bunch of iPad's that I am going to supervise before they go on to my network. The iPad's will connect to the wifi via 802....
- 255
0
votes
1
answer
2k
views
freeradius gives "no shared cipher" for windows 10 client
I have a working configuration of 802.1X authentification on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but ...
1
vote
0
answers
2k
views
Bridge 802.1x traffic between eth0<->eth1, IP NAT eth0<->eth2
Summary:
Given a Linux system (Ubuntu 16.04) with 3 physical ethernet interfaces:
eth0: WAN
eth1: EAPoL authenticator
eth2: Client LAN
I am attempting to configure this:
Bridge br0: eth0<->eth1
...
- 265
0
votes
0
answers
416
views
RADIUS Server for unauthorized device control using 802.1x
I have a closed network for security cameras. I want only for authorized cameras to be able to connect to the Network Switch. If the Switch supports 802.1x authentication, and so do the cameras, could ...
4
votes
1
answer
7k
views
Verifying RADIUS server is sending the correct certificates?
How can I see the TLS (SSL) certificates that my RADIUS server is using, to make sure it is sending the correct certificate and chain?
I am implementing 802.1x authentication with a RADIUS server, ...
- 1,006
4
votes
2
answers
5k
views
802.1q PXE boot
I've been using CrucibleWDS for the past year to image machines in my environment. My dhcpd.conf file lists the PXE boot information for clients attached to the particular network I use for imaging.
...
- 45
0
votes
2
answers
622
views
Does 802.1x on a Wired Network Prevent Remote Management?
I'm researching the feasibility of implementing 802.1x port security on my wired network. The supplicants will be Windows 7 PCs. The authenticator will be Cisco and Juniper switches. I'm thinking ...
user346794
0
votes
1
answer
148
views
802.1Q and Network Security
I've recently purchased some TP-Link managed switches (two TL-SG1016DE and one TL-SG105E).
I purchased the two first and set it up using 802.1Q VLANs to segregate my DMZ and my LAN, using tagged/...
- 141
1
vote
1
answer
6k
views
WIFi Authentication with Windows Active Directory [closed]
What would you recommend for scenario.
Office with 100 employees multiple device platforms(Apple , Windows and Android).
Existing Windows Active Directory on Windows 2008 but not all devices use this ...
0
votes
1
answer
83
views
Yosemite 10.10.5 Clock drifts while asleep
We have a cart of Macbook Pros with Yosemite 10.10.5 installed on them. Our school network uses 802.1x for authentication to the WiFi, but when these laptops are put in their carts and left to sit ...
- 107
0
votes
0
answers
123
views
Protocol used between a RADIUS client and a computer?
I can't find documentation about the protocol used when a computer wants to reach a network with 802.1x.
RADIUS client (switch, access point) use UDP/1812-1813 to communicate with RADIUS server.
How ...
- 1,390
1
vote
0
answers
590
views
Same VLAN for LAN only and Internet users on 802.1x network with pfSense as gateway
I am creating an ISP for a student residence. The LAN is already there and working, with several CISCO switches. I want to provide Internet by a secured and automatic way to those who pay for it (...
- 111
2
votes
2
answers
4k
views
If network card supports 802.11n, does it mean it supports 5ghz band? [closed]
I've gotten a new router that broadcasts 2.4ghz and 5ghz bands. But my desktop could only see the 2.4ghz connection.
I read from a website that as long as my network adapter supports 802.11a or 802....
- 321
1
vote
1
answer
1k
views
802.1x Login Window profile fails because it "can't prompt for missing properties"
I'm trying to configure a TTLS 802.1x Login Window profile on OS X 10.10.1 Yosemite.
The profile has been installed (via MDM) and the login window now shows (above the username/password input boxes) ...
- 422
1
vote
0
answers
443
views
Using airport extreme as an AP with true bridge mode (forwarding 802.1x auth)
So here is my setup. I have a Router (Fortigate) 4 airport Extreme, and a radius/ldap server on a distant server.
I want my user to authenticate with the radius or LDAP server, and be able to create ...
- 53
2
votes
1
answer
8k
views
Cisco Voice VLAN with 802.1X Authentication
I've got a Cisco Catalyst 2960 that I'm trying to configure for a remote office with 802.1X wired authentication.
The setup I'm going for is Switch -> VoIP Phone via Internal Switch -> PC/...
- 310
11
votes
1
answer
21k
views
linux 802.1x on a windows wired network
I'm looking to use my linux workstation on our company network, but i've been running into a few issues, specifically 802.1x i believe.
I'm root on my machine and a windows domain admin so i should ...
- 5,575
1
vote
2
answers
11k
views
Windows 802.1X WiFi First Login To Domain Laptop
So I have my Windows laptops using 802.1X for authentication to connect to my WPA2-Enterprise WiFi network. This works well except for one edge case.
These laptops are Windows 7 Pro and Windows 8 ...
- 14.4k
2
votes
1
answer
3k
views
Radius Client IP Address when setting up Wifi with WPA2 Enterprise?
I have taken over a server setup (as part of my job) which is setup of the following:
Server setup with Threat Management Gateway (serving as the firewall) - 192.168.1.1
Server with Domain Controller ...
- 149
1
vote
1
answer
629
views
EAP-TLS: is it possible eavesdropping when sharing client certificate?
I want to know how to share a network of WPA2 enterprise with EAP-TLS, authenticating users with a common certificate. They share the same certificate.
I'm afraid they can monitor each other. Is ...
- 25
0
votes
1
answer
697
views
802.1.x GPO configuration with restriction by computers and users
802.1.x configuration possible using Machine Policy GPO. So, typical scenario is creating security group for computers and applying our policy with 802.1.x to this group. After this all machines from ...
- 109
0
votes
1
answer
601
views
Issues with IAS authentication
after changing domain (child.domain.net --> domain.net), our Windows 7 clients are no longer able to authenticate to the IAS server (802.1x switch port won't allow them onto the network). Clients, IAS ...
- 11
0
votes
1
answer
267
views
802.1x wired auth after domain change
I have been trying to find a solution to this issue for the past 2 weeks and it's driving me nuts. Hopefully someone out there can help me.
We are in the process of migrating Windows 7 clients from ...
- 11
-1
votes
1
answer
376
views
"Dynamic" access point and port authentication
Here is the context of the question:
I have multiple switches with port-authentication (MAC based or 802.1X). Each switch are connected with a trunk port statically configured. One vlan for ...
- 101
1
vote
1
answer
187
views
802.1X port-based wired NAP Enforcement
I'm learning about NAP enforcement in Windows Server 2008 R2.
I am unable to grasp how to enforce NAP based on port. I understand that 802.1x wired NAP Enforcement uses switches to decide whether ...
- 169
3
votes
0
answers
3k
views
Cisco SG300 switch does not send RADIUS messages to server for 802.1x
I want to eventually configure the SG300 to authenticate wired clients with 802.1x and Microsoft NPS (RADIUS). I am currently testing this setup using a single port (Port 7) on my SG300, a test ...
2
votes
3
answers
1k
views
Wireless network infrastructure for an office with 40 employees
In my company we're facing connectivity problems due to our not very professional network infrastructure. We're growing now, and we expect to be 40 people at the office by the end of the year.
I'm ...
2
votes
1
answer
7k
views
Bridging multiple VLANs in linux
I'd like to clarify some issues I have with bridging tagged traffic on Linux machine.
I have a 2.6.20 (802.1q, bridging, ebtables are enabled) kernel and a device with two
net interfaces (eth0 and ...
- 51
3
votes
1
answer
11k
views
Configure FreeRADIUS with Active Driectory allow specific group of users to authenticate
In order to authenticate WiFi clients I use a FreeRADIUS server configured to check for user credentials in an Active Directory environment. Currently all users with a valid account are authenticated ...
- 51
3
votes
1
answer
478
views
howto restrict active directory account for PEAP/non-CIFS only
We have some voip phones that we want to integrate into our PEAP WiFi network, and I'm concerned about just creating a standard AD account and using that. If someone got hold of such long-term account ...
- 191
0
votes
1
answer
2k
views
Configuring a RADIUS server for 802.1x over a Cisco Switch
I am trying to set up RADIUS authentication over a Cisco switch and I have gone through every tutorial they have.
I am able to get the RADIUS server to authenticate when I access the CLI of the Cisco ...
- 11
2
votes
1
answer
1k
views
Debian WPA2-Enterprise (Network-manager) 802.1X no prompt for certificate?
I set up an access point (AP) with PEAP (Freeradius) 802.1X authentication and trying to connect the following:
iOS: Automatically provides the certificate to the onscreen user.
Windows: ...
- 244
0
votes
1
answer
2k
views
Can RADIUS offer protection against spoofed MAC addresses accessing resources protected with MAC Authentication
When running RADIUS via WPA2 Enterprise and 802.1x, clients wishing to access the network must provide valid credentials. However, this does not stop malicious clients forging valid clients MAC ...
- 273