Sunday, March 21, 2010

Misc 8

(This uses the topology found in Misc 3)
However, at times we may want to allow Windows clients to log in as well. Windows doesn't use PAP. Instead, we would have to use one of the other available methods, such as PEAP and MD5. By default, MD5 is already set up, so I'll walk you through authentication with MD5.

First, set up the router to use the RADIUS server as both the authentication and authorization source:
aaa authentication dot1x default group radius
aaa authorization network default group radius

Now, we must turn on dot1x. From global configuration, type:
dot1x system-auth-control

Now, go into any switchport and type:
dot1x port-control auto

The keyword "auto" sets the port to query the RADIUS server for authentication. The other options are force-authorized and force-unauthorized.
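
What the MD5 method does between the Windows supplicant and the RADIUS server once the port is set to "auto", as an added example that is not part of the original post. It follows the MD5-Challenge format of RFC 3748 and the CHAP digest of RFC 1994; the function names, the identifier 7 and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # MD5-Challenge, RFC 3748 section 5.4


def build_md5_packet(code, identifier, value):
    """EAP header (code, id, length) followed by type, value-size and value."""
    data = struct.pack("!BB", EAP_TYPE_MD5, len(value)) + value
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def parse_md5_packet(packet):
    """Return (code, identifier, value); reject malformed or non-MD5 packets."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    eap_type, value_size = packet[4], packet[5]
    if eap_type != EAP_TYPE_MD5 or length > len(packet) or 6 + value_size > length:
        raise ValueError("not a well-formed MD5-Challenge packet")
    return code, identifier, packet[6:6 + value_size]


def md5_response(identifier, password, challenge):
    """CHAP-style digest (RFC 1994): MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(request, response, stored_password):
    """RADIUS-side check: recompute the digest from the stored cleartext password."""
    _, req_id, challenge = parse_md5_packet(request)
    code, resp_id, digest = parse_md5_packet(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False
    expected = md5_response(req_id, stored_password, challenge)
    return hmac.compare_digest(digest, expected)


def demo(supplicant_password, stored_password=b"constructed-pass"):
    """One exchange with a constructed user password and a random challenge."""
    request = build_md5_packet(EAP_REQUEST, 7, os.urandom(16))
    _, ident, challenge = parse_md5_packet(request)
    response = build_md5_packet(EAP_RESPONSE, ident,
                                md5_response(ident, supplicant_password, challenge))
    return server_verify(request, response, stored_password)
```

Because the server has to recompute the digest itself, the user's password must be available to it in cleartext, and the exchange authenticates only the client, not the server.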

Note that if you encounter any problems during setup, use "freeradius -X" to run in debug mode. Alternatively, you can check the logs in /var/log/freeradius/.

Note that FreeRADIUS currently does not support any authentication in the SSL layer. This is due to certain licensing problems with the OpenSSL library. To fix this, you will have to manually rebuild the package.
