Only the parameters which are changing listed, the other parts of the file should be leaved intact. /private/etc/raddb/attrs … DEFAULT Tunnel-Type == VLAN, Tunnel-Medium-Type == IEEE-802, Tunnel-Private-Group-Id =* ANY, … /private/etc/raddb/radiusd.conf … max_request = 16384 proxy_requests = no $INCLUDE clients.conf … /private/etc/raddb/eap.conf … default_eap_type = peap #gtc […]
Daily Archives: January 11, 2017
802.1x supplicants can be monitored and logged with mySQL and a simple php code. “Allow network connection” permission is required for mySQL connection. mySQL root password also can be asssinged at this moment. from mySQL CLI interface an additional configuration is required as written below: servername root#mysql –uroot –pabc123 mysql>CREATE DATABASE radius; […]
Log management with mySQL for 802.1x
With 802.1x authentication you can easily assign VLANs to authenticated users, but configuring QoS, IP ACLs or Rate limits for supplicant ports can be very challenging. QoS and IP ACL setting can be configured on demand. Using this method will eliminate the configuration of switches for QoS, Rate limiting […]
Sending QoS, Rate Limit and IP ACL to HPE Aruba ...
MAC IDs can be used as an alternate authentication. On most of the vendors LAN switches, it is possible to use MAC authentication even 802.1x port based authentication is enabled on the same physical port. But Unauthenticated-VID can only configurable for MAC authentication most of the time. In case of a successful […]
MAC authentication with free radius
The openLDAP schema need to be extended for some attributes those are not exist in default schema. After the schema extention, If you are using MAC OSX server, you can use “inspector mode” to assign VLANs to your users directly from server admin GUI with radiusTunnelPrivateGroupId attribute. During authentication process a LDAP […]
OpenLDAP scheme extension for 802.1x dynamic VLAN assignment
There are tools to create a Certification Authority and processing certificates in OpenSLL installation. Below you can find the steps to create a CA, a Radius server certificate and an IP Phone certificate. If your IP phones have no real time clock, you can change your servers clock temporarly to […]