ieee 802.1x – User authentication failure using FreeRADIUS and dot1x


1. Objectives

□ Install FreeRADIUS on CentOS (Stream 9) to perform authentication for the Cisco devices

□ Perform dot1x authentication on all ports of the switch

□ Perform authentication by connecting a laptop to the switch

CentOS (203.230.7.2) – Cisco 2960 Switch (203.230.7.254) – Cisco 2800 Series Router (gig0/0: 203.230.7.1, gig0/1: 203.230.8.1) – Windows 10 PC (203.230.8.2)

2. Current situation and issues

□ Completed authentication of the Cisco devices after finishing the FreeRADIUS installation on CentOS

□ Completed dot1x authentication on all ports of the switch

  • Completed ping test from the switch to CentOS and the router

□ Authentication fails when performing authentication by connecting a laptop to the switch

3. FreeRADIUS Settings

□ /etc/raddb/clients.conf

client router {
    ipaddr = 203.230.7.1
    secret = mycisco
    shortname = router
}

client switch {
    ipaddr = 203.230.7.254
    secret = mycisco
    shortname = switch
}

client laptop {
    ipaddr = 203.230.7.4
    secret = mycisco
    shortname = laptop
}

□ /etc/raddb/users

test Cleartext-Password := "test"

□ Firewall Setting

sudo firewall-cmd --add-port=1812/udp --permanent
sudo firewall-cmd --add-port=1813/udp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports

□ SELinux Setting

sudo semanage port -a -t radius_port_t -p udp 1812
sudo semanage port -a -t radius_port_t -p udp 1813

4. Router Setting

username admin privilege 15 password 0 cisco123
int gig0/0
 ip add 203.230.7.1 255.255.255.0
 no sh
 exit
int gig0/1
 ip add 203.230.8.1 255.255.255.0
 no sh
 exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
test aaa group radius testuser testpassword legacy

5. Switch Setting

username admin privilege 15 password 0 cisco123
vlan 1
 name Authenticated
 exit
vlan 100
 name Unauthenticated
 exit
int vlan 1
 ip add 203.230.7.254 255.255.255.0
 no sh
 exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
aaa authorization network default group radius
aaa authentication dot1x default group radius
dot1x system-auth-control
int range fa0/1-24
 switchport mode access
 switchport access vlan 1
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-req 3
 exit
int range fa0/1-4
 dot1x port-control force-authorized
 exit
int range fa0/5-24
 dot1x guest-vlan 100
 authentication event fail action authorize vlan 100
 authentication event no-response action authorize vlan 100
 authentication host-mode multi-auth
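Added illustration (not part of the question above, and not FreeRADIUS or Cisco code): the Python model below reproduces the RADIUS exchange that sits behind this setup, using the shared secret, the users entry and the addresses from the post. In 802.1X the laptop (supplicant) speaks only EAPOL to the switch; the switch, as authenticator, is the RADIUS client, so whether the server answers at all depends on the switch's source address matching a clients.conf entry, and a request from any other address is silently ignored. The model uses PAP (a hidden User-Password attribute as in RFC 2865) rather than the EAP-Message attributes a real dot1x session carries, which is why a PAP test succeeding against the same users file does not by itself prove the dot1x path. The in-memory USERS and CLIENTS tables are assumptions standing in for the two files.

```python
"""Added model of a PAP Access-Request/Access-Accept round trip (RFC 2865).
NAS side = the Cisco switch/router; server side = FreeRADIUS with the post's
clients.conf and users file loaded into the two dicts below (assumed data)."""
import hashlib
import hmac
import os
import struct

SECRET = b"mycisco"                      # shared secret from the post's clients.conf
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4
USERS = {b"test": b"test"}               # users: test Cleartext-Password := "test"
CLIENTS = {"203.230.7.1": SECRET,        # router, switch and "laptop" entries, keyed by NAS address
           "203.230.7.254": SECRET, "203.230.7.4": SECRET}


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: null-pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * ((-len(password)) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; the server compares the result with Cleartext-Password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")           # strips the padding; passwords ending in NUL are not supported


def attr(kind: int, value: bytes) -> bytes:
    """One type-length-value attribute; the length octet counts its own 2-byte header."""
    return struct.pack("!BB", kind, len(value) + 2) + value


def build_access_request(username: bytes, password: bytes, nas_ip: str, secret: bytes,
                         identifier: int = 0, authenticator: bytes = b"") -> bytes:
    """NAS side: 20-byte header with a random Request Authenticator, then the attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(ATTR_USER_NAME, username)
             + attr(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + attr(ATTR_NAS_IP, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_packet(pkt: bytes):
    """Return (code, identifier, authenticator, {type: value}); rejects malformed lengths."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        kind, alen = pkt[pos], pkt[pos + 1]
        attrs[kind] = pkt[pos + 2:pos + alen]
        pos += alen
    return code, ident, pkt[4:20], attrs


def build_response(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS-side check that the reply came from a server holding the same shared secret."""
    head, resp_auth, attrs = response[:4], response[4:20], response[20:]
    return hmac.compare_digest(hashlib.md5(head + request_auth + attrs + secret).digest(), resp_auth)


def server_handle(request: bytes, src_ip: str):
    """Server side in outline: a source address with no client entry is ignored, no reply at all."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return None
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        return None
    given = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    ok = hmac.compare_digest(USERS.get(attrs.get(ATTR_USER_NAME, b""), b"\x00"), given)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, b"", secret)


def run_exchange(username: bytes, password: bytes, nas_ip: str):
    """Full round trip from a NAS at nas_ip; returns the response code, or None if ignored."""
    request = build_access_request(username, password, nas_ip, SECRET)
    req_auth = parse_packet(request)[2]
    response = server_handle(request, nas_ip)
    if response is None:
        return None
    if not verify_response(response, req_auth, SECRET):
        raise ValueError("Response Authenticator mismatch: secret differs or reply was altered")
    return parse_packet(response)[0]   # run_exchange(b"test", b"test", "203.230.7.254") -> 2
```

The two outcomes worth comparing are `run_exchange(b"test", b"test", "203.230.7.254")`, which returns 2 (Access-Accept) because the switch is a listed client and the credentials match, and `run_exchange(b"test", b"test", "203.230.8.2")`, which returns None because the Windows PC's address is not a client: with a real server that is the difference between a Reject you can see in the log and a request that never appears there, so the first thing to confirm when a dot1x attempt fails is which address the switch sources its RADIUS traffic from.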
