> Hello,
>
> It's not specially a question about freeradius but for
> for experts like you in 802.1x ;)
>
> I read this document http://www.cs.umd.edu/~waa/1x.pdf
> It said that 802.1x has a flaw : man in the middle attack
> Does it true or is the document deprecated ?
>
> I have another question :
http://www.missl.cs.umd.edu/wireless/eaptls/
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
http://www.freeradius.org/doc/EAPTLS.pdf
Try google search, there's many other HOWTO
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thx to all,
Here's the soluce :
In cisco switch conf I've forgoten "aaa authorization network default
group radius" wich is used for all network-related services such as VLAN
assignment.
The correct Freeradius user conf :
Login Auth-Type := EAP, User-Password == "password"
yes this attribute is accepted an needed by Cisco switch :
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008014f342.html
It's for IOS 12.1 on cisco 3550.
Your link is for IOS 12.2
> Is attribute Tunnel-Private-Group-ID really supported by Cisco ?
> [EMAIL PROTECTED] wrote:
>> Thx David, i've tried your config, but freeradius doesn't accept
>> "IEEE-802" value attibute for Tunnel-Medium-Type, it needs only "802".
>
> No. It will interpret the "802" as a number. Use IEEE-802.
Sorry Alan, but here's the log when conf is "Tunnel-Medium-T
>>
> [EMAIL PROTECTED] 4/9/2004 6:48:41 AM >>>
>>
>>> I use 802.1x/EAP_MD5 with user as xsupplicant, switch cisco 3550,
>>> freeradius server. It works very well, but now I need to assign
>> dynamic
>>> vlan to authenticated user.
>>> I 've update my Freeradius "users" file with this parameters
>
[EMAIL PROTECTED] 4/9/2004 6:48:41 AM >>>
>
>> I use 802.1x/EAP_MD5 with user as xsupplicant, switch cisco 3550,
>> freeradius server. It works very well, but now I need to assign
> dynamic
>> vlan to authenticated user.
>> I 've update my Freeradius "users" file with this parameters asked
>
Hi all,
Thank you Alan for your last answer. Here's a new qusetion.
I use 802.1x/EAP_MD5 with user as xsupplicant, switch cisco 3550,
freeradius server. It works very well, but now I need to assign dynamic
vlan to authenticated user.
I 've update my Freeradius "users" file with this parameters as
Hi all,
You are right Guy, Aoun confused between supplicant and authenticator.
Yesterday I've given the EAP md5 conf for "xsupplicant.conf" wich is the
file config of the user and not the freeradius server, in freeradius for
the simplest config you can let the radiusd.conf as default, just edit
"u
Hi all,
Sorry to disturb you with this question.
I don't understand the concept of "REALM" in proxy freeradius config.
I know domain, network, subnet, vlan etc..but in french realm is synonym
of kingdom wich is not a network concept.
Thx
Fred
-
List info/subscribe/unsubscribe? See http://www.f
Hi,
If you want to try 802.1x with EAP MD5 (it's the easiest to configure),
you have to put on your user (laptop) config three parameters:
Identification : ID = login
Authentication : Username = login , User_Pass = password.
Here's Xsupplicant(user) minimal config for EAP MD5 :
mynetwork {
Hi,
To configure your switch, read this before :
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/12218se/2970scg/sw8021x.htm
It's very easy to configure.
After you have to modify files "clients.conf" and "user" in freeradius
conf directory .../raddb/. There are examples include in th
Hi all,
I'm new user of linux and freeradius, here's my config(802.1x with EAPOL
on a wired link) : xsupplicant, cisco 3550, freeradius.
Connections beetween this three parts are ok, but after the
"identification" step, with login OK on the radius, I don't know how to
send the password in EAP MD5
13 matches
Mail list logo