top of page
Search

The 802.1x wire lab

Operation Summary

Today I tested 802.1x lab with cisco 2960 switch as Authenticator, DaloRadius as Authentication Server and Two window 7 clients as supplicant. Although EAP support different kind of authentication mechanisms, I use simple username and password authentication for lab.


Server configuration

Installing Free radius

Enable freeradius with below commands after successful installation.

Check the service status

Start and enable firewalld

Add permanent rules to default zone to allow radius service.

Reload firewalld and confirm radius service was in default zone

Configure freeradius to create client and user for testing lab. Add the subnet address to receive authentication requests (192.168.0.0/24) in “/etc/raddb/clients.conf”

Define a user/password combination for testing. I've created the user kpps with the password Secret and another user test with the password Test. Can pick your own username and password, but it need to maintain the spacing in the configuration file “/etc/raddb/users”.

After changed configuration, need to restart radius service. Also check the service status.

If you want to see the processes more details please run radius service with debug mode.

Switch Configuration

As primary step, establish connection between radius server and switch.

Enable Authentication, Authorization, and Accounting (AAA) for the switch and point to radius server (192.168.88.137).

Configure AAA to reference the RADIUS server for 802.1X authentication and accounting requests.

Testing

Configure static ip address for two window clients.

Configure 802.1x client authentication

            1) Run > services.msc > Wired AutoConfig, right click and start the service.

            2) Control Panel > Network and Sharing Center > Change adapter settings > Interface Properties > Authentication

            3) Choose a network authentication method: Settings configuration was as follow

             4) Additional Settings was as follow was as follow

             5) And set username and password that were configured in radius users config file under “Save credentials”

Result

I transfer file between two client and got the result as follow.

Network Config by my senior bro!

Thank you!

 
 
 

Recent Posts

See All
cisco csr1000v ios upgrade

Today Let me share about upgrading or downgrading ios using ansible. Original idea credit to eanylin (https://github.com/eanylin). I...

 
 
 

Comments

Subscribe Form

  • facebook
  • twitter
  • linkedin

©2019 by proximus. Proudly created with Wix.com

bottom of page