Selamat datang di Scribd!

802.1X Configuration Guide

Diunggah oleh

0% menganggap dokumen ini bermanfaat (0 suara)

77 tayangan28 halaman

This document provides an overview of configuring 802.1X authentication using RADIUS servers. It discusses the EAP protocol, threats like man-in-the-middle attacks that 802.1X addresses, and how RADIUS functions as a client-server model for authentication. The document also gives examples of configuring the RADIUS server Radiator, as well as Cisco access points and switches, to implement 802.1X authentication with traffic separation using different VLANs for guests, students, and employees.

Deskripsi Asli:

Judul Asli

802.1x

Hak Cipta

Format Tersedia

PPT, PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

77 tayangan28 halaman

802.1X Configuration Guide

Diunggah oleh

pero27

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 28

Cari di dalam dokumen

802.

1X Configuration

Terena 802.1X workshop

the Netherlands, Amsterdam, March 30th

Paul Dekkers

Overview

EAP

What makes EAP flexible

Man-in-the-Middle attack
Thats why we need a good EAP mechanism!

RADIUS proxy-ing

RADIUS
Client-Server model
Authenticator is a RADIUS client Authentication-server is the RADIUS server RADIUS server can be a client as well

RADIUS whats in the packet

UDP, ports 1645/1646 or 1812/1813 Mind the firewall! Attributes, like User-Name, User-Password, EAP-Message Shared Secret

RADIUS and REALMS

Use well-chosen realms: preferably like an e-mail address, user@institution.ccTLD Important with PROXY-ing

Guest Access

Traffic separation without 1x

Traffic separation with 1x

Supplicant

Authenticator (AP or switch)

RADIUS server University X User DB

RADIUS server SURFnet office User DB

Guest Paul.Dekkers@surfnet.nl

Internet Guest VLAN Students VLAN

Employee VLAN

Central RADIUS proxy server

Traffic separation with 1x

Hands-on setup

Configuration:

Radiator
Linear Global configuration
AuthPort 1812 AcctPort 1813 LogDir /var/log/radius DbDir /etc/radiator

Clients Handlers
15

Configuration:

Radiator
RADIUS Clients
<Client 192.168.1.2> Secret 6.6obaFkm&RNs666 Identifier AP1 IdenticalClients 192.168.1.3, 192.168.1.4 </Client>

Configuration:

Radiator
<Handler Realm=surfnet.nl> <AuthBy FILE> Filename users </AuthBy> </Handler>

Configuration:

Radiator
<Handler Realm=surfnet.nl> <AuthBy FILE> Filename users EAPType TTLS, PEAP, MSCHAP-V2 EAPTLS_CAFile root-ca.pem EAPTLS_CertificateFile server.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile private.pem EAPTLS_PrivateKeyPassword secret EAPTLS_MaxFragmentSize 1024 AutoMPPEKeys </AuthBy> </Handler>

Configuration:

Radiator
<Handler Realm=surfnet.nl, Request-Type=Accounting-Request> # Accept, and log </Handler> <Handler Realm=surfnet.nl, TunnelledByTTLS=1> # PAP </Handler> <Handler Realm=surfnet.nl, TunnelledByPEAP=1> # EAP-MSCHAPv2 </Handler> <Handler Realm=surfnet.nl> # EAP-TTLS and EAP-PEAP </Handler>

Configuration:

Radiator, Identifiers and Catch-all

<AuthBy RADIUS> Identifier SURFNET-PROXY Host radius-proxy.surfnet.nl Secret Sdfg8WeR98r09d8fg AuthPort 1812 AcctPort 1813 </AuthBy> <Handler> AuthBy SURFNET-PROXY </Handler>

RADIUS proxy-loop
Good configuration is more complex, often lacks in prevention for proxy-loops

Configuration:

Access-Point

Cisco AP - RADIUS
AP1(config)#aaa new-model aaa group server radius rad_eap server 192.87.116.63 auth-port 1812 acct-port 1813 aaa authentication login eap_methods group rad_eap aaa accounting network acct_methods start-stop group rad_acct radius-server host 192.87.116.63 auth-port 1812 acct-port 1813 key X

Cisco AP - Wireless Interface

AP1(config)#interface dot11Radio 0 AP1(config-if)#encryption mode ciphers wep40 AP1(config-if)#broadcast-key change 1800 AP1(config-if)#no ssid tsunami AP1(config-if)#ssid SURFnet AP1(config-if-ssid)#authentication open eap eap_methods AP1(config-if-ssid)#guest-mode AP1(config-if-ssid)#^Z

Cisco switch enable RADIUS

Switch# configure terminal Switch(config)# aaa new-model Switch(config)# radius-server host 192.168.100.1x auth-port 1812 key <secret>

Cisco switch enable 802.1x

Switch(config)# aaa authentication dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface fastethernet0/1 Switch(config-if)# spanning-tree portfast Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 10 Switch(config-if)# dot1x port-control auto Switch(config-if)# end Switch(config-if)# dot1x guest-vlan 60

Windows and wired 802.1x

Extra in hands-on
Configuration of VLANs: Can you enable roaming with another group? Can you create an SSID for users without 802.1x?

Anda mungkin juga menyukai

Changing ISP For Checkpoint Firewall
Dokumen16 halaman
Changing ISP For Checkpoint Firewall
ganesh
100% (1)
IBM Security QRadar SIEM A Complete Guide - 2021 Edition
Dari Everand
IBM Security QRadar SIEM A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
PaloAlto Firewall Interview Questions Net Tech Latest
Dokumen12 halaman
PaloAlto Firewall Interview Questions Net Tech Latest
ADITYA KAUSHIK
Belum ada peringkat
4.6.6.5 Lab - Using Wireshark To Examine HTTP and HTTPS Traffic
Dokumen8 halaman
4.6.6.5 Lab - Using Wireshark To Examine HTTP and HTTPS Traffic
Sindhu
Belum ada peringkat
Cisco UCCX A Clear and Concise Reference
Dari Everand
Cisco UCCX A Clear and Concise Reference
Gerardus Blokdyk
Belum ada peringkat
UCCE RONA Feature Overview with IP-IVR and CVP
Dokumen7 halaman
UCCE RONA Feature Overview with IP-IVR and CVP
Hardik Jadav
Belum ada peringkat
En81 28
Dokumen16 halaman
En81 28
sadsa
100% (3)
Huawei GPON Basic Knowledge Training Data PDF
Dokumen53 halaman
Huawei GPON Basic Knowledge Training Data PDF
Chainmer Chain
Belum ada peringkat
VRNC Proposal v0-1 PDF
Dokumen13 halaman
VRNC Proposal v0-1 PDF
keyvan
0% (1)
Radius Server PDF
Dokumen10 halaman
Radius Server PDF
a_ravines
Belum ada peringkat
Lab 3 - AAA Authentication On Cisco Routers - Instrucciones
Dokumen6 halaman
Lab 3 - AAA Authentication On Cisco Routers - Instrucciones
Felipe Andres Oyarzun Quiroz
Belum ada peringkat
Server 2008 NAT Network Address Translation
Dokumen12 halaman
Server 2008 NAT Network Address Translation
Paul
100% (1)
VoIP in RouterOS PDF
Dokumen15 halaman
VoIP in RouterOS PDF
Naz Lun
Belum ada peringkat
Mikrotik HTTPS PDF
Dokumen20 halaman
Mikrotik HTTPS PDF
Vladan Colakovic
Belum ada peringkat
Tls Wireshark PDF
Dokumen30 halaman
Tls Wireshark PDF
Shashank Polasa
Belum ada peringkat
Firewall Lab
Dokumen3 halaman
Firewall Lab
Kevin Cleaner
Belum ada peringkat
MikroTik Certified Network Associate (MTCNA) Training in Kolkata
Dokumen340 halaman
MikroTik Certified Network Associate (MTCNA) Training in Kolkata
Naveenkarthick Prasannamoorthy
Belum ada peringkat
12.1.1.7 Lab - Snort and Firewall Rules PDF
Dokumen9 halaman
12.1.1.7 Lab - Snort and Firewall Rules PDF
Interesting facts Channel
Belum ada peringkat
Packet filter with iptables lab
Dokumen2 halaman
Packet filter with iptables lab
KurobaKaito
Belum ada peringkat
Ccnasv1.1 Chp10 Lab D Asa Isr s2s VPN Student
Dokumen36 halaman
Ccnasv1.1 Chp10 Lab D Asa Isr s2s VPN Student
muscle26
0% (1)
CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI
Dokumen12 halaman
CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI
velramsen
Belum ada peringkat
Linux Lab 21 Firewall Definitions
Dokumen1 halaman
Linux Lab 21 Firewall Definitions
smile4ever54
100% (1)
Configure Packet Sniffer MikroTik RouterOS
Dokumen2 halaman
Configure Packet Sniffer MikroTik RouterOS
itsmenow
Belum ada peringkat
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Dokumen35 halaman
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Lupita Vázquez
Belum ada peringkat
LAB RPT Site-Site IPSec
Dokumen11 halaman
LAB RPT Site-Site IPSec
v4meet
Belum ada peringkat
Lab Sous Gns3-Configuring A Site-To-Site Ipsec VPN Using CCP and Asdm
Dokumen31 halaman
Lab Sous Gns3-Configuring A Site-To-Site Ipsec VPN Using CCP and Asdm
aboubakeriam djibirldarar
Belum ada peringkat
High Availability Network Services Using Mikrotik Routeros: by Martin Pína
Dokumen19 halaman
High Availability Network Services Using Mikrotik Routeros: by Martin Pína
Ahmad AL
Belum ada peringkat
ROUTE Chapter 6 - CCNP ROUTE (Version 6.0)
Dokumen11 halaman
ROUTE Chapter 6 - CCNP ROUTE (Version 6.0)
AS2205
100% (4)
Basic Configuration With Mikrotik Cli: Bdnog11
Dokumen25 halaman
Basic Configuration With Mikrotik Cli: Bdnog11
Cristopher Alejandro Torres Montepeque
Belum ada peringkat
Lightweight Directory Access Protocol (LDAP)
Dokumen2 halaman
Lightweight Directory Access Protocol (LDAP)
Dayakar Merugu
Belum ada peringkat
Cisco ISE Compliance
Dokumen73 halaman
Cisco ISE Compliance
shadab umair
Belum ada peringkat
Port Security Questions: Answer
Dokumen28 halaman
Port Security Questions: Answer
Hoai Duc Hoang
Belum ada peringkat
ESA-Resources Cheat Sheet
Dokumen5 halaman
ESA-Resources Cheat Sheet
Sanjin Zuhric
Belum ada peringkat
Netscreen - VPN Troubleshooting.
Dokumen31 halaman
Netscreen - VPN Troubleshooting.
Amandeep Singh
Belum ada peringkat
Cryptography
Dokumen20 halaman
Cryptography
Srilekha Rajakumaran
Belum ada peringkat
Guide to Configuring iptables Firewall Rules
Dokumen12 halaman
Guide to Configuring iptables Firewall Rules
Anderson Romero Chávez
Belum ada peringkat
Cisco 1921 Series Router Datasheet
Dokumen8 halaman
Cisco 1921 Series Router Datasheet
Meela Zeng
Belum ada peringkat
Ccie Sec Written Jan 20 - Full Pool
Dokumen571 halaman
Ccie Sec Written Jan 20 - Full Pool
Serge Bessé
Belum ada peringkat
Snort IPS Tutorial
Dokumen9 halaman
Snort IPS Tutorial
sadjoker1
100% (1)
Firewall Configuration and Testing
Dokumen10 halaman
Firewall Configuration and Testing
sajisha123
Belum ada peringkat
Manual RoMON
Dokumen3 halaman
Manual RoMON
Namdher Colmenares
Belum ada peringkat
Setup Cisco SNMPv3 Via CLI
Dokumen6 halaman
Setup Cisco SNMPv3 Via CLI
Daniel Huber
Belum ada peringkat
Routeurs Cisco, Mise en Œuvre de BGP: 1) Introduction Au Protocole BGP
Dokumen2 halaman
Routeurs Cisco, Mise en Œuvre de BGP: 1) Introduction Au Protocole BGP
Anonymous k2SY4zdI3
Belum ada peringkat
Configuring F5 LTM For Cisco ISE Load Balancing
Dokumen65 halaman
Configuring F5 LTM For Cisco ISE Load Balancing
Phyo Min Tun
0% (1)
20-Troubleshooting Basic Network Services II
Dokumen19 halaman
20-Troubleshooting Basic Network Services II
mansoorali_af
Belum ada peringkat
Lab - Use Wireshark To View Network Traffic
Dokumen6 halaman
Lab - Use Wireshark To View Network Traffic
Ayeyi Mills-Robertson
Belum ada peringkat
FreeRadius MAC Auth for Netgear APs
Dokumen4 halaman
FreeRadius MAC Auth for Netgear APs
frank
Belum ada peringkat
CheckPoint Firewall Interview Questions
Dokumen4 halaman
CheckPoint Firewall Interview Questions
Moe Kaungkin
Belum ada peringkat
Configuring Cisco Switch and Router
Dokumen23 halaman
Configuring Cisco Switch and Router
Amourtaha Usi
Belum ada peringkat
Script Miktotik Full Jos Pokoknya
Dokumen26 halaman
Script Miktotik Full Jos Pokoknya
Dtodo fco
Belum ada peringkat
Mikrotik VRRP and Load Sharing
Dokumen12 halaman
Mikrotik VRRP and Load Sharing
Carlos
Belum ada peringkat
10.2.1.9 Lab - Configure A Site-to-Site IPsec VPN Using ISR CLI and ASA 5506-X ASDM
Dokumen16 halaman
10.2.1.9 Lab - Configure A Site-to-Site IPsec VPN Using ISR CLI and ASA 5506-X ASDM
eliza
Belum ada peringkat
NetMinion LTM Training Confidential Info
Dokumen10 halaman
NetMinion LTM Training Confidential Info
Dhananjai Singh
Belum ada peringkat
9.3.1.2 CCNA Skills Integration Challenge
Dokumen7 halaman
9.3.1.2 CCNA Skills Integration Challenge
CristianFelipeSolarteOrozco
100% (1)
AB - CCNA Voice Quick Reference Guide
Dokumen31 halaman
AB - CCNA Voice Quick Reference Guide
Srdjan Milenkovic
Belum ada peringkat
9.4.1.2 Lab - Configuring ASA Basic Settings and Firewall Using ASDM - Instructor
Dokumen47 halaman
9.4.1.2 Lab - Configuring ASA Basic Settings and Firewall Using ASDM - Instructor
Salem Trabelsi
Belum ada peringkat
WLAN Security: Examining EAP and 802.1x Authentication
Dokumen89 halaman
WLAN Security: Examining EAP and 802.1x Authentication
Matt Hudson
100% (1)
Mtcna PDF
Dokumen683 halaman
Mtcna PDF
Anisa Nur Khovivah
Belum ada peringkat
Installing FreeRADIUS
Dokumen11 halaman
Installing FreeRADIUS
timothysylvester
Belum ada peringkat
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
Dokumen6 halaman
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
kymk21
Belum ada peringkat
Mikrotik Hotspot
Dokumen39 halaman
Mikrotik Hotspot
calinp72
Belum ada peringkat
Kaspersky security center
Dari Everand
Kaspersky security center
Mohammed Haytham Khabbaz samkary
Belum ada peringkat
Cisco Certified Security Professional A Complete Guide - 2020 Edition
Dari Everand
Cisco Certified Security Professional A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
IPsec VPN A Complete Guide - 2019 Edition
Dari Everand
IPsec VPN A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Alcatel-Lucent 7450 - ESS - MDA-XP - Datasheet PDF
Dokumen4 halaman
Alcatel-Lucent 7450 - ESS - MDA-XP - Datasheet PDF
Wahyu Bayu Aji
Belum ada peringkat
Long Range Fixed Wireless Access for Voice & Data up to 720km
Dokumen2 halaman
Long Range Fixed Wireless Access for Voice & Data up to 720km
Anonymous smdEgZN2Ie
Belum ada peringkat
AdHoc Networks
Dokumen34 halaman
AdHoc Networks
Decent Nil
Belum ada peringkat
AoDV Thesis Scientist
Dokumen22 halaman
AoDV Thesis Scientist
hoohaah
Belum ada peringkat
Ati X510series Ds PDF
Dokumen10 halaman
Ati X510series Ds PDF
Claudio Vinicios Santos Hugo
Belum ada peringkat
LTE - RL40-CIQ - Netone (2-Mod 1)
Dokumen197 halaman
LTE - RL40-CIQ - Netone (2-Mod 1)
Boby Sharif
Belum ada peringkat
Huawei Training Guide
Dokumen5 halaman
Huawei Training Guide
diporufai
Belum ada peringkat
Computer Networks Slides
Dokumen60 halaman
Computer Networks Slides
scribddownloaded
Belum ada peringkat
S5P2 Yvonne Umutoni
Dokumen14 halaman
S5P2 Yvonne Umutoni
Edy Budiman
Belum ada peringkat
Highly Integrated S Band Transmitter For Pico and Nano Satellites
Dokumen4 halaman
Highly Integrated S Band Transmitter For Pico and Nano Satellites
FUUUU
Belum ada peringkat
Kpi Lte
Dokumen1.024 halaman
Kpi Lte
raj1978enator
Belum ada peringkat
Literature Survey On Wireless Sensor Networks: Pavlos Papageorgiou July 16, 2003
Dokumen17 halaman
Literature Survey On Wireless Sensor Networks: Pavlos Papageorgiou July 16, 2003
Raghavendra Rakesh
Belum ada peringkat
IFHO Optimization: Radio Network Optimization - Cairo Team
Dokumen14 halaman
IFHO Optimization: Radio Network Optimization - Cairo Team
riama
Belum ada peringkat
Tu 3bp 02a 0515
Dokumen52 halaman
Tu 3bp 02a 0515
Emam Thulla
100% (1)
Compensation of Spectral Variations in Edfa Based Optical Fiber Communication
Dokumen33 halaman
Compensation of Spectral Variations in Edfa Based Optical Fiber Communication
Mahesh Kumar
Belum ada peringkat
NetApp HCI With Mellanox SN2010 Switch Quick Cabling Guide
Dokumen20 halaman
NetApp HCI With Mellanox SN2010 Switch Quick Cabling Guide
Juan Pedro Pablo Ameneiro Diaz
Belum ada peringkat
ZXA10 C320 Product Introduction
Dokumen9 halaman
ZXA10 C320 Product Introduction
cavangboi
100% (1)
Questions Answers - Network Security
Dokumen4 halaman
Questions Answers - Network Security
jenishcj
Belum ada peringkat
Chapter 7 Multiplexing Techniques PDF
Dokumen19 halaman
Chapter 7 Multiplexing Techniques PDF
raedapu
Belum ada peringkat
G.fast Certification Abstract Test Plan
Dokumen83 halaman
G.fast Certification Abstract Test Plan
chopanalvarez
Belum ada peringkat
Iris User Manual
Dokumen209 halaman
Iris User Manual
K Hari Lal
Belum ada peringkat
VXLAN Overview
Dokumen14 halaman
VXLAN Overview
Damilola Adebolu
Belum ada peringkat
Radio Management Products & Applications
Dokumen98 halaman
Radio Management Products & Applications
Alex Akinyemi
Belum ada peringkat
Cognitive Radio Introduction
Dokumen24 halaman
Cognitive Radio Introduction
sarada22
Belum ada peringkat
Cellular Networks - Past, Present and Future PDF
Dokumen14 halaman
Cellular Networks - Past, Present and Future PDF
anunila
Belum ada peringkat
Veltech Multitech DR - Rangarajan DR - Sakunthala Engineering College
Dokumen32 halaman
Veltech Multitech DR - Rangarajan DR - Sakunthala Engineering College
Rupesh Gsr
Belum ada peringkat