|
Introduction to 802.1X wired authentication IEEE 802.1X authentication provides an additional security barrier for your intranet that you can use to prevent guest, rogue, or unmanaged computers that cannot perform a successful authentication from connecting to your intranet. For the same reason that administrators deploy IEEE802.1X authentication for IEEE 802.11 wireless networks—enhanced security—network administrators want to implement the IEEE 802.1X standard tohelp protect their wired network connections. Just as an authenticated wireless client must submit a set of credentials to be validated before being allowed to send wireless frames to the intranet, an IEEE 802.1X wired client must also perform authentication prior to being able to send traffic over its switch port. We all know that it's easy to deploy wired 802.1X authentication for NBS series switches. You can simply configure it in our Ruijie Cloud management page, but Cloud doesn't support configuring RGOS switches. Let's find out how to configure wiredauthentication for RGOS switches!  It's pretty simple and straight forward to configure wired 802.1X authentication using NBS switch withReyeeOS. Applied scenariosUser using wired to connect to access switch needs authentication to access network. Case of configuration a) Requirement Ruijie switches with RGOS system c) Configuration 1.After entering command line interface, type enable to enter privillege mode, then type configuration terminal to enter configuring mode.  2.Make sure your RADIUS server is reachable. You canuse a command-line tool for checking connectivity. If your server is accessible though the Internet, you can try an online RADIUS test tool like the link below. https://idblender.com/tools/test-radius#087d9867-d426-499d-a5e1-fd490909f60b  If Stdout results show Access-Accept, that indicates your RADIUS server is running normally. For RADIUS server in local network scenario, you can use radtest -t pap USERNAME PASSWORD' RADIUS-Server-IP:1812' 0 SECRET. Its output should be like:
3. Configuring 802.11X authentication for theswitch's Gi0/20 port. Ruijie# configure terminal Ruijie(config)# aaa new-model //Add RADIUS server to server list Ruijie(config)# radius-server host RADIUS-SERVER-IPkey SERVER-KEY //By default, using RADIUS to authenticate, if noneof RADIUS servers are reachable, fallback to local authentication Ruijie(config)# aaa authentication dot1x defaultgroup radius local //Define a user for fallback Ruijie(config)# username fallback password fallback //Enter the interface that downlink device needsdot1x authentication Ruijie(config)# interface GigabitEthernet 0/20 Ruijie(config-if)# dot1x port-control auto Ruijie(config-if)# end Ruijie# After configuring that, you can plugged the switch'sGi0/20 port with the Windows laptop, let's try if it can work. Enter Ethernet setting page of Windows 11  You can see a prompt here,click Edit  Enable IEEE802.1X authentication, then edit configuration  Choose authentication method EAP method: Protected EAP (PEAP) Authentication method: Secure password (EAP-MACHAPv2)  After done that, click Sign in  After entering the username and password of your RADIUS server, you are able to use your network then. |
This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.
More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.
©2000-2023 Ruijie Networks Co,Ltd
Level 6
