Network access control on wired networks with IEEE 802.1X
Production
The last step for the administrator is to set the RADIUS server to production mode: enable the init script using service freeradius start, and type chkconfig freeradius on to set up the server to use the same start procedure when rebooted.
Conclusion
The components for device-based authentication of terminal devices exist in many environments. It is up to the administrator to combine those components.
For some people, Network Access Control includes additional aspects, such as technical validation of version status or up-to-date virus signatures, in line with a security policy. NAC offers a number of customization options: Besides LDAP or SQL database integration, more complex environments might want to deploy a PKI with the use of Tiny CA [10], for example. Smartcards such as the Aladdin E-Token protect private user certificates.
IPv6 is supported with FreeRADIUS Version 2 or later; however, some 802.1X-capable switches might not comply. If you are experimenting with IKEv2, check out the project's experimental.conf.
An identically named SourceForge project is also researching IKEv2 [11]. Thanks to the Hostapd project [12], administrators can soon look forward to a new implementation of EAP in FreeRADIUS known as EAP2.
Infos
- IEEE 802.1x-2004: http://www.ieee802.org/1/pages/802.1x-2004.html
- RFC 5216, "EAP-TLS Authentication Protocol": http://tools.ietf.org/rfc/rfc5216.txt
- Cisco 802.1x Guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/dot1x.html
- FreeRADIUS Wiki on Cisco IOS commands: http://wiki.freeradius.org/Cisco
- FreeRADIUS Project: http://freeradius.org
- FreeRADIUS at GitHub: http://github.com/Antti/freeradius-server/tree/master
- OpenSEA: http://openseaalliance.org
- Open1X project: http://open1x.sf.net
- WPA supplicant: http://hostap.epitest.fi/wpa_supplicant/
- Tiny CA: http://tinyca.sm-zone.net
- EAP-IKEv2 project on Sourceforge: http://eap-ikev2.sf.net
- EAP modes supported by FreeRADIUS: http://freeradius.org/features/eap.html
« Previous 1 2 3 4
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs