Requiring 802.1x login before allowing access to network resources

Posted by Calvin Froedge on Server Fault See other posts from Server Fault or by Calvin Froedge
Published on 2011-11-26T00:47:32Z Indexed on 2011/11/26 1:53 UTC
Read the original article Hit count: 557

Filed under:

freeradius

|

ubuntu-11.10

|

zyxel

I have a ZyXel GS2200-24 managed switch, and a free-radius server running on Ubuntu 11.10. Radius is configured and when I log into the switch the authentication goes through Radius.

Now, I'm trying to ensure that access to web resources (as an example, I set up a web server on the ip 192.168.1.2) requires first authenticating with radius, before the switch will allow the connection.

Am I correct that this should be handled at the switch level? What are these rules usually called / how are they usually defined?

© Server Fault or respective owner

Related posts about freeradius

Accounting setup in freeradius with mikrotik and the "always" module

as seen on Server Fault - Search for 'Server Fault'
I have a freeradius setup that is being used to provide authentication for users on a wireless network. The access points are all Mikrotik hardware and the users are connected 24/7. We've been using Daloradius with mysql and freeradius 2. The boss wants to use the accounting information and while… >>> More
Configuring WPA2-Enterprise with Freeradius

as seen on Server Fault - Search for 'Server Fault'
I'm trying to set up an authenticated wifi network with Freeradius. I've managed to get things working using self-signed certs etc. The problem is Windows clients need to uncheck the "Automatically use my windows logon name and password [etc.]" option in the MSCHAPv2 settings. When I connect to my… >>> More
Radius Authorization against ActiveDirectory and the users file

as seen on Server Fault - Search for 'Server Fault'
I have a problem with my freeradius server configuration. I want to be able to authenticate users against Windows ActiveDirectory (2008 R2) and the users file, because some of my co-workers are not listed in AD. We use the freeradius server to authenticate WLAN users. (PEAP/MSCHAPv2) AD Authentication… >>> More
Accounting setup in freeradius with mikrotik and the "always" module

as seen on Server Fault - Search for 'Server Fault'
I have a freeradius setup that is being used to provide authentication for users on a wireless network. The access points are all Mikrotik hardware and the users are connected 24/7. We've been using Daloradius with mysql and freeradius 2. The boss wants to use the accounting information and while… >>> More
Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept

as seen on Server Fault - Search for 'Server Fault'
I have WPA2 802.11x EAP authentication setup using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via the AP and using eapol_test). I am now trying to restrict access to specific SSIDs based on the LDAP… >>> More

Related posts about ubuntu-11.10

Install ubuntu-11.10-desktop-amd64 with Logitech diNovo Edge

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I know there are problems (and have been for quite some time) with the diNovo Edge keyboard. The solution could be found easily and often you can use the on-screen keyboard to fix it. Now I'm installing Ubuntu from scratch and the only keyboard I have is my diNovo, am I screwed? You are able to get… >>> More
initrd.lz is corrupted error occured while installing 11.10

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
C:\ubuntu\install\boot\initrd.lz is corrupted. Error pop-up comes up every time i am trying to install ubuntu-11.10-desktop-i386 using wubi. error comes when the installation process is almost completed. can anyone suggest a solution for this problem. Its occurring regularly. 03-19 18:01 DEBUG TaskList:… >>> More
cannt run phpunit tests on bash ubuntu 11.10

as seen on Super User - Search for 'Super User'
i'm working with ubuntu 11.10 as root on my local machine, i've installed xampp 1.7.7 and i'm a newbie to ubuntu, while following a tutorial on sitepoint(http://www.sitepoint.com/getting-started-with-pear/) on how to install pear to use PhpUnit, i didnt notice it then, but it seems that i installed… >>> More
Switched to xubuntu, unity theme wont go away

as seen on Super User - Search for 'Super User'
I got fed up with unity and decided to switch to xubuntu, following the instructions on this thread. Almost everything went well, and I'm much happier with the system. but the window borders from the unity theme are still being used, overriding the xubuntu themes. I've uninstalled all the unity stuff… >>> More
Error trying to get tmux 1.6 installed - E: Unable to locate package libevent

as seen on Super User - Search for 'Super User'
$ pwd $ /home/durrantm/Downloads/tmux-1.6 durrantm.../tmux-1.6$ ./configure && make checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes ... ... configure: error: "libevent not found" durrantm.../tmux-1.6$ sudo apt-get install libevent Reading… >>> More