Ruijie Community
Title: How to enable 802.1X wired authentication for Ruijie switches?
Author: zhangqiao@ruiji Time: 2024-12-25 13:52
Introduction to 802.1X wired authentication
IEEE 802.1X authentication provides an additional security barrier for your intranet that you can use to prevent guest, rogue, or unmanaged computers that cannot perform a successful authentication from connecting to your intranet.
For the same reason that administrators deploy IEEE 802.1X authentication for IEEE 802.11 wireless networks (enhanced security), network administrators want to implement the IEEE 802.1X standard to help protect their wired network connections. Just as an authenticated wireless client must submit a set of credentials to be validated before being allowed to send wireless frames to the intranet, an IEEE 802.1X wired client must also perform authentication prior to being able to send traffic over its switch port.
We all know that it's easy to deploy wired 802.1X authentication for NBS series switches. You can simply configure it in our Ruijie Cloud management page, but Cloud doesn't support configuring RGOS switches.
Let's find out how to configure wired authentication for RGOS switches!

It's pretty simple and straightforward to configure wired 802.1X authentication using an NBS switch with ReyeeOS.
Applied scenarios
Users who connect to the access switch over a wired link must authenticate before they can access the network.
Case of configuration
a) Requirement
Ruijie switches with RGOS system
c) Configuration
1. After entering the command line interface, type enable to enter privileged mode, then type configure terminal to enter configuration mode.

2. Make sure your RADIUS server is reachable. You can use a command-line tool to check connectivity.
If your server is accessible through the Internet, you can try an online RADIUS test tool like the link below.
https://idblender.com/tools/test-radius#087d9867-d426-499d-a5e1-fd490909f60b

If Stdout results show Access-Accept, that indicates your RADIUS server is running normally.
For a RADIUS server on the local network, you can use radtest -t pap USERNAME PASSWORD RADIUS-Server-IP:1812 0 SECRET.
Its output should be like:
Sent Access-Request Id 172 from 0.0.0.0:54087 to RADIUS-Server-IP:1812 length 77
User-Name = "USERNAME"
User-Password = "PASSWORD"
NAS-IP-Address = 172.21.0.5
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "SECRET"
Received Access-Accept Id 172 from RADIUS-Server-IP:1812 to 172.21.0.5:54087 length 20
Here too, Access-Accept indicates your RADIUS server is running normally.
3. Configure 802.1X authentication for the switch's Gi0/20 port.
Ruijie# configure terminal
Ruijie(config)# aaa new-model
//Add the RADIUS server to the server list
Ruijie(config)# radius-server host RADIUS-SERVER-IP key SERVER-KEY
//Authenticate against RADIUS by default; if none of the RADIUS servers are reachable, fall back to local authentication
Ruijie(config)# aaa authentication dot1x default group radius local
//Define a local user for the fallback (example credentials; set a strong password of your own)
Ruijie(config)# username fallback password fallback
//Enter the interface whose downlink device needs dot1x authentication
Ruijie(config)# interface GigabitEthernet 0/20
Ruijie(config-if)# dot1x port-control auto
Ruijie(config-if)# end
Ruijie#
After configuring that, you can plug the Windows laptop into the switch's Gi0/20 port and check whether it works.
Open the Ethernet settings page of Windows 11.

You will see a prompt here; click Edit.

Enable IEEE 802.1X authentication, then edit the configuration.

Choose the authentication method:
EAP method: Protected EAP (PEAP)
Authentication method: Secure password (EAP-MSCHAPv2)

After that, click Sign in.

After entering the username and password of your RADIUS account, you will be able to use the network.
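
To check that a switch actually carries every piece of the step 3 configuration, the following added example (not part of the original post and not a Ruijie tool) audits a saved configuration text for the AAA, RADIUS and per-port dot1x commands shown above. The function name, the sample text, its 192.0.2.10 address and the extra Gi0/21 port are constructed, and the layout (interface sub-commands indented under their interface line) is an assumption about how the configuration was saved.

```python
import re

# Constructed sample: the step 3 commands with placeholder values, plus one
# extra access port (Gi0/21) left without dot1x for contrast.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 192.0.2.10 key SERVER-KEY
aaa authentication dot1x default group radius local
username fallback password fallback
interface GigabitEthernet 0/20
 dot1x port-control auto
interface GigabitEthernet 0/21
 description printer
"""

def audit_dot1x(config, access_ports):
    """Return findings for the 802.1X settings used in the post (hypothetical helper)."""
    findings = []
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    top = [ln for ln in lines if not ln.startswith(" ")]
    if "aaa new-model" not in top:
        findings.append("aaa new-model is missing")
    if not any(re.match(r"radius-server host \S+ key \S+", ln) for ln in top):
        findings.append("no radius-server host with a key")
    method = next((ln for ln in top if ln.startswith("aaa authentication dot1x default")), None)
    if method is None or "group radius" not in method:
        findings.append("dot1x default method list does not use group radius")
    # The 'local' fallback is only as strong as the local accounts behind it.
    if method and method.split()[-1] == "local":
        for ln in top:
            m = re.match(r"username (\S+) password (\S+)$", ln)
            if m and m.group(1) == m.group(2):
                findings.append(f"local user {m.group(1)}: password equals username")
    # Collect the sub-commands listed under each interface line.
    stanzas, current = {}, None
    for ln in lines:
        if ln.startswith("interface "):
            current = ln[len("interface "):].strip()
            stanzas[current] = []
        elif ln.startswith(" ") and current:
            stanzas[current].append(ln.strip())
        else:
            current = None
    for port in access_ports:
        if "dot1x port-control auto" not in stanzas.get(port, []):
            findings.append(f"{port}: dot1x port-control auto not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot1x(SAMPLE_CONFIG, ["GigabitEthernet 0/20", "GigabitEthernet 0/21"])))
```
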