Reference11r2:Interfaces/ETH/802.1X: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m (correcting proxy logoff mechanism) |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
* '''Password''' Enter the shared secret for the MD5 challenge/response handshake. | * '''Password''' Enter the shared secret for the MD5 challenge/response handshake. | ||
;'''EAP-TLS''': | ;'''EAP-TLS''': | ||
The EAP-MD5 settings are going to reused for EAP-TLS needs. I.e. there's currently no extra setting for EAP-TLS. The configuration for an actual certificate, being fed into the EAP-TLS session, can be found at ''General/Certificates/Device Certificate''. | |||
* '''User''' Enter the user/identity<ref>EAP-TLS doesn't mandate that identity to necessarily be the same as the certificates subject/CN</ref> to be sent within the EAP Identity request.<ref name="user-pw">A non-empty user/password just serves as an "on"-switch</ref> | * '''User''' Enter the user/identity<ref>EAP-TLS doesn't mandate that identity to necessarily be the same as the certificates subject/CN</ref> to be sent within the EAP Identity request.<ref name="user-pw">A non-empty user/password just serves as an "on"-switch</ref> | ||
* '''Password''' Enter arbitrary content.<ref name="user-pw"/> | * '''Password''' Enter arbitrary content.<ref name="user-pw"/> | ||
* '''General/Certificates/Device Certificate''' | * '''General/Certificates/Device Certificate''' | ||
;'''Proxy-Logoff''': | ;'''Proxy-Logoff''': | ||
If the phone's | If the phone's PC-port got disconnected, EAPOL-Logoff messages are going to be sent on behalf of participants that were connected to the phone's PC-port. | ||
An EAPOL-Logoff will be sent for each MAC-address learned from traversing EAPOL-Start messages. | An EAPOL-Logoff will be sent for each MAC-address learned from traversing EAPOL-Start messages. | ||
=Notes= | =Notes= | ||
<references/> | <references/> | ||
=Related Articles= | |||
[[Concept_802.1X|Concept 802.1X]] | [[Concept_802.1X|Concept 802.1X]] | ||
[[Howto:802.1X_EAP-TLS_With_FreeRadius|Howto article: 802.1X EAP-TLS With FreeRadius]] | [[Howto:802.1X_EAP-TLS_With_FreeRadius|Howto article: 802.1X EAP-TLS With FreeRadius]] | ||
[[Howto:Security_works_with_innovaphone#802.1X_port_security|Howto article:Security_works_with_innovaphone]] |
Latest revision as of 16:13, 10 September 2021
- EAP-MD5
- User Enter the user/identity to authenticate with.
- Password Enter the shared secret for the MD5 challenge/response handshake.
- EAP-TLS
The EAP-MD5 settings are going to reused for EAP-TLS needs. I.e. there's currently no extra setting for EAP-TLS. The configuration for an actual certificate, being fed into the EAP-TLS session, can be found at General/Certificates/Device Certificate.
- User Enter the user/identity[1] to be sent within the EAP Identity request.[2]
- Password Enter arbitrary content.[2]
- General/Certificates/Device Certificate
- Proxy-Logoff
If the phone's PC-port got disconnected, EAPOL-Logoff messages are going to be sent on behalf of participants that were connected to the phone's PC-port. An EAPOL-Logoff will be sent for each MAC-address learned from traversing EAPOL-Start messages.