Welcome to Scribd!

0% found this document useful (0 votes)

116 views

802 1x

Uploaded by

This document provides an overview of configuring 802.1X authentication using RADIUS servers. It discusses the EAP protocol, threats like man-in-the-middle attacks that 802.1X addresses, and how RADIUS functions as a client-server model for authentication. The document also gives examples of configuring the RADIUS server Radiator, as well as Cisco access points and switches, to implement 802.1X authentication with traffic separation using different VLANs for guests, students, and employees.

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

802 1x

Uploaded by

pero27

0% found this document useful (0 votes)

116 views28 pages

Original Title

802.1x

Copyright

Available Formats

PPT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Download as ppt, pdf, or txt

0% found this document useful (0 votes)

116 views28 pages

802 1x

Uploaded by

pero27

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Download as ppt, pdf, or txt

Jump to Page

You are on page 1of 28

Search inside document

802.

1X Configuration

Terena 802.1X workshop

the Netherlands, Amsterdam, March 30th

Paul Dekkers

Overview

EAP

What makes EAP flexible

Man-in-the-Middle attack
Thats why we need a good EAP mechanism!

RADIUS proxy-ing

RADIUS
Client-Server model
Authenticator is a RADIUS client Authentication-server is the RADIUS server RADIUS server can be a client as well

RADIUS whats in the packet

UDP, ports 1645/1646 or 1812/1813 Mind the firewall! Attributes, like User-Name, User-Password, EAP-Message Shared Secret

RADIUS and REALMS

Use well-chosen realms: preferably like an e-mail address, user@institution.ccTLD Important with PROXY-ing

Guest Access

Traffic separation without 1x

Traffic separation with 1x

Supplicant

Authenticator (AP or switch)

RADIUS server University X User DB

RADIUS server SURFnet office User DB

Guest Paul.Dekkers@surfnet.nl

Internet Guest VLAN Students VLAN

Employee VLAN

Central RADIUS proxy server

Traffic separation with 1x

Hands-on setup

Configuration:

Radiator
Linear Global configuration
AuthPort 1812 AcctPort 1813 LogDir /var/log/radius DbDir /etc/radiator

Clients Handlers
15

Configuration:

Radiator
RADIUS Clients
<Client 192.168.1.2> Secret 6.6obaFkm&RNs666 Identifier AP1 IdenticalClients 192.168.1.3, 192.168.1.4 </Client>

Configuration:

Radiator
<Handler Realm=surfnet.nl> <AuthBy FILE> Filename users </AuthBy> </Handler>

Configuration:

Radiator
<Handler Realm=surfnet.nl> <AuthBy FILE> Filename users EAPType TTLS, PEAP, MSCHAP-V2 EAPTLS_CAFile root-ca.pem EAPTLS_CertificateFile server.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile private.pem EAPTLS_PrivateKeyPassword secret EAPTLS_MaxFragmentSize 1024 AutoMPPEKeys </AuthBy> </Handler>

Configuration:

Radiator
<Handler Realm=surfnet.nl, Request-Type=Accounting-Request> # Accept, and log </Handler> <Handler Realm=surfnet.nl, TunnelledByTTLS=1> # PAP </Handler> <Handler Realm=surfnet.nl, TunnelledByPEAP=1> # EAP-MSCHAPv2 </Handler> <Handler Realm=surfnet.nl> # EAP-TTLS and EAP-PEAP </Handler>

Configuration:

Radiator, Identifiers and Catch-all

<AuthBy RADIUS> Identifier SURFNET-PROXY Host radius-proxy.surfnet.nl Secret Sdfg8WeR98r09d8fg AuthPort 1812 AcctPort 1813 </AuthBy> <Handler> AuthBy SURFNET-PROXY </Handler>

RADIUS proxy-loop
Good configuration is more complex, often lacks in prevention for proxy-loops

Configuration:

Access-Point

Cisco AP - RADIUS
AP1(config)#aaa new-model aaa group server radius rad_eap server 192.87.116.63 auth-port 1812 acct-port 1813 aaa authentication login eap_methods group rad_eap aaa accounting network acct_methods start-stop group rad_acct radius-server host 192.87.116.63 auth-port 1812 acct-port 1813 key X

Cisco AP - Wireless Interface

AP1(config)#interface dot11Radio 0 AP1(config-if)#encryption mode ciphers wep40 AP1(config-if)#broadcast-key change 1800 AP1(config-if)#no ssid tsunami AP1(config-if)#ssid SURFnet AP1(config-if-ssid)#authentication open eap eap_methods AP1(config-if-ssid)#guest-mode AP1(config-if-ssid)#^Z

Cisco switch enable RADIUS

Switch# configure terminal Switch(config)# aaa new-model Switch(config)# radius-server host 192.168.100.1x auth-port 1812 key <secret>

Cisco switch enable 802.1x

Switch(config)# aaa authentication dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface fastethernet0/1 Switch(config-if)# spanning-tree portfast Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 10 Switch(config-if)# dot1x port-control auto Switch(config-if)# end Switch(config-if)# dot1x guest-vlan 60

Windows and wired 802.1x

Extra in hands-on
Configuration of VLANs: Can you enable roaming with another group? Can you create an SSID for users without 802.1x?

Firewall and Proxy Servers
Document26 pages
Firewall and Proxy Servers
rajeevadeevi
No ratings yet
9.advanced CheckPoint Interview Questions and Answers 2017
Document4 pages
9.advanced CheckPoint Interview Questions and Answers 2017
nagendra_badam
No ratings yet
Checkpoint Firewall Interview Question and Answer Part 1
Document4 pages
Checkpoint Firewall Interview Question and Answer Part 1
Files Down
No ratings yet
How To - Establish VPN Tunnel Between Cyberoam and Cisco Router PIX
Document15 pages
How To - Establish VPN Tunnel Between Cyberoam and Cisco Router PIX
Nurain Akram
No ratings yet
Microsoft Dynamics 365 and ExpressRoute
Document56 pages
Microsoft Dynamics 365 and ExpressRoute
donna.nix
No ratings yet
Network Security (Version1.0) - Final Exam Answers Full
Document66 pages
Network Security (Version1.0) - Final Exam Answers Full
Brali Dioulson Nguema
No ratings yet
802.1x Port and MAC Base Function
Document17 pages
802.1x Port and MAC Base Function
Informática Bezmiliana
No ratings yet
CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI
Document12 pages
CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI
velramsen
No ratings yet
How To Upgrade IOS Image On Cisco Catalyst Switch or Router
Document4 pages
How To Upgrade IOS Image On Cisco Catalyst Switch or Router
Barbara Chamberlain
No ratings yet
MUMID17 - MikroTik Hotspot Audit & Hardening PDF
Document60 pages
MUMID17 - MikroTik Hotspot Audit & Hardening PDF
Yuwana Patriawarman
No ratings yet
9.1.1.6 Lab - Encrypting and Decrypting Data Using OpenSSL
Document3 pages
9.1.1.6 Lab - Encrypting and Decrypting Data Using OpenSSL
Brian Harefa
No ratings yet
How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication
Document12 pages
How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication
Ñito Rodriguez
No ratings yet
VPN (Any Type) Between 2 Mikrotik Routers and No Static IP Addresses - MikroTik Wiki
Document2 pages
VPN (Any Type) Between 2 Mikrotik Routers and No Static IP Addresses - MikroTik Wiki
Ajay J Verma
No ratings yet
Configuring An Ipsec Tunnel Through A Firewall With Nat: Document Id: 14138
Document8 pages
Configuring An Ipsec Tunnel Through A Firewall With Nat: Document Id: 14138
pandvas5
No ratings yet
Procedure To Upgrade Fortigate Boxes
Document1 page
Procedure To Upgrade Fortigate Boxes
Kaushal Kishor
No ratings yet
Tutorial Mikrotik VPN
Document10 pages
Tutorial Mikrotik VPN
Oki
100% (1)
Palo Alto - How To Configure Captive Portal
Document17 pages
Palo Alto - How To Configure Captive Portal
Danny Manno
No ratings yet
Troubleshooting Tool - Using The FortiOS Built-In Packet Sniffer
Document4 pages
Troubleshooting Tool - Using The FortiOS Built-In Packet Sniffer
Ayan Nas
No ratings yet
Mikrotik HTTPS PDF
Document20 pages
Mikrotik HTTPS PDF
Vladan Colakovic
No ratings yet
Load Balancing Using Mikrotik Router OS
Document24 pages
Load Balancing Using Mikrotik Router OS
AmbroseNdahura
No ratings yet
FreeRadius For MAC Authentication On Netgear Wireless Access Points - Spiceworks
Document4 pages
FreeRadius For MAC Authentication On Netgear Wireless Access Points - Spiceworks
frank
No ratings yet
Deploying DNSSEC v3
Document31 pages
Deploying DNSSEC v3
Anovar_ebooks
No ratings yet
Lab 06: Packet Filter With Iptables: 1. Overview
Document2 pages
Lab 06: Packet Filter With Iptables: 1. Overview
KurobaKaito
No ratings yet
Solarwinds SNMPv2 and v3 Configuration Guide
Document7 pages
Solarwinds SNMPv2 and v3 Configuration Guide
2629326
No ratings yet
Cacti Installation - Public
Document4 pages
Cacti Installation - Public
nrrkr
No ratings yet
Sd-Wan Zero-to-Hero: Net Expert Solutions
Document11 pages
Sd-Wan Zero-to-Hero: Net Expert Solutions
Florick Le Mahamat
No ratings yet
Firewall Interview Questions Asa
Document3 pages
Firewall Interview Questions Asa
Rakesh Rakee
0% (1)
Bảo Mật
Document2 pages
Bảo Mật
Minh Nghia Pham
No ratings yet
Monitoring Netflow With NfSen
Document5 pages
Monitoring Netflow With NfSen
ThanhNN0312
No ratings yet
Ipsec With Cisco Asa
Document10 pages
Ipsec With Cisco Asa
Sai Kyaw Htike
No ratings yet
Advantages of Firewall
Document16 pages
Advantages of Firewall
Bridget Smith
69% (13)
High Availability Network Services Using Mikrotik Routeros: by Martin Pína
Document19 pages
High Availability Network Services Using Mikrotik Routeros: by Martin Pína
Ahmad AL
No ratings yet
Traing Miktrotik
Document365 pages
Traing Miktrotik
Cholili Bastian
No ratings yet
Fortinet Secure Sdwan
Document15 pages
Fortinet Secure Sdwan
mohmmed
No ratings yet
Basic Router Configuration
Document26 pages
Basic Router Configuration
Najeeb Khan
No ratings yet
VPN Basic: Certified Mikrotik Training Basic Class
Document28 pages
VPN Basic: Certified Mikrotik Training Basic Class
Vanto De
No ratings yet
Cisco FTD FMC Routed Mode Lab Configuration
Document14 pages
Cisco FTD FMC Routed Mode Lab Configuration
Jorge Brandão
No ratings yet
10.2.1.9 Lab - Configure A Site-to-Site IPsec VPN Using ISR CLI and ASA 5506-X ASDM
Document16 pages
10.2.1.9 Lab - Configure A Site-to-Site IPsec VPN Using ISR CLI and ASA 5506-X ASDM
eliza
No ratings yet
Lab Sous Gns3-Configuring A Site-To-Site Ipsec VPN Using CCP and Asdm
Document31 pages
Lab Sous Gns3-Configuring A Site-To-Site Ipsec VPN Using CCP and Asdm
aboubakeriam djibirldarar
No ratings yet
9.2.2.7 Lab - Certificate Authority Stores PDF
Document9 pages
9.2.2.7 Lab - Certificate Authority Stores PDF
Interesting facts Channel
0% (1)
How To - Configure Cyberoam As SNMP Agent PDF
Document5 pages
How To - Configure Cyberoam As SNMP Agent PDF
dhamecha_sweetu_6730
No ratings yet
Netscreen - VPN Troubleshooting.
Document31 pages
Netscreen - VPN Troubleshooting.
Amandeep Singh
No ratings yet
Configuring Security Features
Document8 pages
Configuring Security Features
edin
No ratings yet
Counters With Numbers. What Is The Meaning of Those Counters?
Document5 pages
Counters With Numbers. What Is The Meaning of Those Counters?
ashok4202k
0% (1)
L2TP VPN Troubleshooting FAQ
Document3 pages
L2TP VPN Troubleshooting FAQ
Ajit
No ratings yet
Linux Lab 21 Firewall Definitions
Document1 page
Linux Lab 21 Firewall Definitions
smile4ever54
100% (1)
Pfsense Training - 2
Document32 pages
Pfsense Training - 2
Shwe Rain
No ratings yet
DHCP Snooping
Document35 pages
DHCP Snooping
Douglas Da Silva Benedito
No ratings yet
Manual RoMON
Document3 pages
Manual RoMON
Namdher Colmenares
No ratings yet
F5-101-Master-Cheat-Sheet Yo
Document13 pages
F5-101-Master-Cheat-Sheet Yo
Amandeep Singh
No ratings yet
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Document35 pages
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Lupita Vázquez
No ratings yet
Lab 10: Vpns - Ipsec Remote Access VPN: 10.1 Details
Document24 pages
Lab 10: Vpns - Ipsec Remote Access VPN: 10.1 Details
charles81
No ratings yet
Pan-Os Cli Quick Start
Document44 pages
Pan-Os Cli Quick Start
deltacraiova
No ratings yet
Ddos Detect Mikrotik
Document30 pages
Ddos Detect Mikrotik
Alin
No ratings yet
Adding ASA Firewall Image File To GNS3
Document8 pages
Adding ASA Firewall Image File To GNS3
in_visible
0% (1)
LAB Inter Vlan Routing Using Layer 3 Switch
Document9 pages
LAB Inter Vlan Routing Using Layer 3 Switch
injectingfever
No ratings yet
Cloudfale Ddos
Document37 pages
Cloudfale Ddos
Boolaaone
No ratings yet
CCNP Switching
Document111 pages
CCNP Switching
Anshul Malhotra
No ratings yet
Snort IPS Tutorial
Document9 pages
Snort IPS Tutorial
sadjoker1
100% (1)
5.4.1.1 Lab - Configure An Intrusion Prevention System (IPS) PDF
Document21 pages
5.4.1.1 Lab - Configure An Intrusion Prevention System (IPS) PDF
Ivan Zurita
No ratings yet
DDoS Mitigation A Complete Guide - 2019 Edition
From Everand
DDoS Mitigation A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
CS 342 - Assignment 2 - August - 2022 - Socket Programming
Document10 pages
CS 342 - Assignment 2 - August - 2022 - Socket Programming
Sandeep Mantri
No ratings yet
xw5033 3.50 Part 1 Chassis
Document153 pages
xw5033 3.50 Part 1 Chassis
Javier Tofalo
No ratings yet
Swift Block Info and Format
Document5 pages
Swift Block Info and Format
nishantvshah
No ratings yet
Tor Pig
Document13 pages
Tor Pig
Martynas Sklizmantas
No ratings yet
Wang 2017
Document16 pages
Wang 2017
ali
No ratings yet
Wisconsin DOT Chapter - 4 CCTV
Document12 pages
Wisconsin DOT Chapter - 4 CCTV
acabading
No ratings yet
Radio Link Set Up
Document8 pages
Radio Link Set Up
gourav11207
No ratings yet
Deleting A Static IP Address
Document4 pages
Deleting A Static IP Address
Satish Kaya
No ratings yet
Technical Interview Questions - Networking
Document9 pages
Technical Interview Questions - Networking
MuniKumar Balu
No ratings yet
SM 100
Document47 pages
SM 100
Mohd Abdul Raheem
No ratings yet
Mobile Technology 1
Document2 pages
Mobile Technology 1
kamal
No ratings yet
Interleave Division Multiple Access: Saksh Sethi 3 Year Electronics Engg. Seminar Guide Mr. Amit Jaisal Lecturer
Document22 pages
Interleave Division Multiple Access: Saksh Sethi 3 Year Electronics Engg. Seminar Guide Mr. Amit Jaisal Lecturer
Saksh Sethi
100% (3)
Mr. Robot
Document11 pages
Mr. Robot
Shahrukh Iqbal Mirza
No ratings yet
Wi-SUN Linux Border Router Reference Solution-SiliconLabs
Document2 pages
Wi-SUN Linux Border Router Reference Solution-SiliconLabs
Nirav Desai
No ratings yet
NGF90010-NextGen Firewall Firmware 71 Update-Overview and Update Process
Document27 pages
NGF90010-NextGen Firewall Firmware 71 Update-Overview and Update Process
JuanAlvaroEsquivelAguilar
No ratings yet
Web Services Delivered From Cloud
Document49 pages
Web Services Delivered From Cloud
ali abbas
No ratings yet
The Road To 600G
Document3 pages
The Road To 600G
Do Xuan Huu
No ratings yet
BN104 Lecture 1 Introduction
Document31 pages
BN104 Lecture 1 Introduction
Subodh Poudyal
No ratings yet
3CX Basic Training - Trainer Checklist
Document23 pages
3CX Basic Training - Trainer Checklist
barabolja
No ratings yet
Case Study-Netflix
Document7 pages
Case Study-Netflix
Arijit Sadhu
No ratings yet
About ERMES 2019 PDF
Document21 pages
About ERMES 2019 PDF
TAHA
No ratings yet
Arduino WiFi-Connected Weather Station With Android User Interface - CodeProject
Document22 pages
Arduino WiFi-Connected Weather Station With Android User Interface - CodeProject
alexender2k
No ratings yet
Intebarid
Document13 pages
Intebarid
Vlad Ion
No ratings yet
3GPP TS 32.455: Technical Specification
Document15 pages
3GPP TS 32.455: Technical Specification
sherif_ali76
No ratings yet
Lecture 1 2
Document40 pages
Lecture 1 2
Muhammad Sohaib Shahid
No ratings yet
Java Servlets 110317050338 Phpapp01 PDF
Document58 pages
Java Servlets 110317050338 Phpapp01 PDF
Alebachew Yazew
No ratings yet
PXT E6621A Demonstration Guide Version 25
Document81 pages
PXT E6621A Demonstration Guide Version 25
Vitthal Kodgirwar
No ratings yet
(Do lãnh đạo HĐ chấm thi ghi) Bằng số Bằng chữ GK1 GK2: Đ Ề C H Í N H T H Ứ C
Document4 pages
(Do lãnh đạo HĐ chấm thi ghi) Bằng số Bằng chữ GK1 GK2: Đ Ề C H Í N H T H Ứ C
thuhuyenk58a
No ratings yet