i want to configure a linux as gateway (dhcp and nat) and i would like to add 802.1x as authentication protocol. My question is, i remember in the past, that it has a strong connection with the port (read physical port) it means, if I have a switch connected to my FW and the first use authenticate on that, it means that all other uses on this switch (or all traffic that comes from this port), will be authenticated.. is that true?
Asked
Active
Viewed 1,106 times
2 Answers
1
I'd have to disagree with tk.Simon, 802.1x was designed with switches in mind.
For 802.1x to work properly. you can have only one device connected to switch port, if you need more ports you need more switches that can be RADIUS clients, without switches that support 802.1x authentication you can't have 802.1x in your network.
The authentication is port based, so if you stack switches, you can set port to not require authentication, on every switch it will be at least uplink to backbone/server and links to other switches.
There were moves to introduce client based authentication, but AFAICR no switch on the market or only very high end switches supported it. It could have been deemed insecure, can't remember details at the moment.
Hubert Kario
- 6,351
- 6
- 33
- 65
0
sadly this will not work... (well, maybe it would, but for someone who knows what he wants and how to get it, it would be easy to bypass)
reference: http://de.narkive.com/2010/9/11/2608887-802-1x-iptables.html
furthermore, the authenticator usually/by design is a switch/router, not a machine
802.1x is designed for WLAN
fholzer
- 529
- 1
- 3
- 9