The 802.1x wire lab

-

Operation Summary

Today I tested 802.1x lab with cisco 2960 switch as Authenticator, DaloRadius as Authentication Server and Two window 7 clients as supplicant. Although EAP support different kind of authentication mechanisms, I use simple username and password authentication for lab.

Server configuration
Installing Free radius
[root@radius ~]# yum -y install freeradius freeradius-utils freeradius-mysql

Enable freeradius with below commands after successful installation.
[root@radius ~]# systemctl start radiusd
[root@radius ~]# systemctl enable radiusd

Check the service status
[root@radius ~]# systemctl status radiusd

Start and enable firewalld
[root@radius ~]# systemctl enable firewalld
[root@radius ~]# systemctl start firewalld
[root@radius ~]# systemctl status firewalld

Add permanent rules to default zone to allow radius service.
 [root@radius ~]# firewall-cmd --add-service=radius --permanent

Reload firewalld and confirm radius service was in default zone
[root@radius ~]# firewall-cmd –reload
[root@radius ~]# firewall-cmd --list-services --zone=public

Configure freeradius to create client and user for testing lab.
Add the subnet address to receive authentication requests (192.168.0.0/24) in “/etc/raddb/clients.conf”
client 192.168.0.0/24 {
    secret      = cisco
    shortname   = switch
}

Define a user/password combination for testing. I've created the user kpps with the password Secret and another user test with the password Test. Can pick your own username and password, but it need to maintain the spacing in the configuration file “/etc/raddb/users”.
kpps        Cleartext-Password := "Secret"
                Reply-Message = "Hello, %u"
test          Cleartext-Password := "Test"
                Reply-Message = "Hello, %u"

After changed configuration, need to restart radius service. Also check the service status.
[root@radius ~]# systemctl restart radiusd
[root@radius ~]# systemctl status radiusd

If you want to see the processes more details please run radius service with debug mode.
[root@radius ~]# systemctl stop radiusd
[root@radius ~]# radiusd -X

Switch Configuration
As primary step, establish connection between radius server and switch.
switch(config)#interface vlan2
switch(config-if)#ip address 192.168.88.31 255.255.255.0
switch(config-if)#no shutdown
switch(config-if)#interface GigabitEthernet1/0/1
switch(config-if)#switchport mode access
switch(config-if)#interface GigabitEthernet1/0/2
switch(config-if)#switchport mode access
switch(config-if)#interface GigabitEthernet1/0/3
switch(config-if)#switchport mode access

Enable Authentication, Authorization, and Accounting (AAA) for the switch and point to radius server (192.168.88.137).
switch(config)#aaa new-model
switch(config)# radius-server host 192.168.88.137 auth-port 1812 acct-port 1813 key cisco

Configure AAA to reference the RADIUS server for 802.1X authentication and accounting requests.
switch(config)# aaa authentication dot1x default group radius
switch(config)#aaa accounting dot1x default start-stop group radius
switch(config)#interface GigabitEthernet1/0/2
switch(config)#authentication port-control auto
switch(config)#dot1x pae authenticator
switch(config)#interface GigabitEthernet1/0/3
switch(config)#authentication port-control auto
switch(config)#dot1x pae authenticator
switch(config)#do wr

Testing
Configure static ip address for two window clients.
Configure 802.1x client authentication
            1) Run > services.msc > Wired AutoConfig, right click and start the service.
            2) Control Panel > Network and Sharing Center > Change adapter settings > Interface Properties > Authentication
            
            3) Choose a network authentication method: Settings configuration was as follow
             
             4) Additional Settings was as follow was as follow
             5) And set username and password that were configured in radius users config file under “Save credentials”

Result

I transfer file between two client and got the result as follow.

Network Config helped by my senior bro!
Thank you!


Comments

Post a Comment

Popular posts from this blog

Using Zabbix Inventory Script for AWX Ansible Tower Inventory

-
Image
Hello! Have a nice day. Today I am going to show you how to use Zabbix Server as Inventory Source for Ansible AWX Tower. As you know Ansible Tower allow you to set not only static inventory but also dynamic inventory. Dynamic Inventories executable programs that collect information from some external source and output the inventory in JSON format. Now, I will use Zabbix Monitoring Server as my external source to fetch inventory. As prerequisites,   we need   Ansible Tower or AWX Ansible Tower   Zabbix Server   And need to install Zabbix-api module.   Zabbix-api can download  Here . $pip install zabbix-api-version.tar.gz As first Step, we are going to fetch zabbix.py which is dynamic inventory script contributed for Ansible project.  Copy and paste the script in TowerUI/Inventory Scripts/CREATE INVENTORY SCRIPT /CUSTOM SCRIPT https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/zabbix.py Then update self...
Read more

Python3 - Basic Knowledge of using Dictionary

-
Image
<Zawgyi> Hello all again  ပါπŸ˜ƒ  α€…ာα€™ ေα€›းတာၾကာပီဆိုေတာ့ ထရင္ဆံုး Draftထဲα€€ ထက်α€”္ေα€œးα€›ွင္းေပါ့ α€’ီတ ေခါα€€္ ေၿပာα€™ွာα€€ ေတာ့ ထခုခ်ိα€”ိα€™ွာ dataေတြα€™်ားα€œာပီ ထဲ့α€œိုပဲ တဖက္α€™ွာ α€€ိုα€š့္α€›ဲα‚• systemα€™ွာ appတခု script ျα€–α€…္ျα€–α€…္α€™ွာ Data ေတြα€€ို α€˜α€š္α€œို structureα€€်α€€် α€žိα€™္းα€™α€œဲဆိုတာ α€…α€₯္းα€…ားα€…α€›ာျα€–α€…္α€œာပီ α€€ိုα€š္α€€ α€œα€€္α€›ွိ Python α€”ဲα‚”α€€်င္α€œα€Š္ေနတာ့ α€’ီα€™ွာ dataေတြα€€ို α€˜α€š္α€œို structureα€€်α€€်α€žိα€™္းႏိုင္α€œဲ ေျပာျပ α€žြားပါα€™α€š္..... Python α€™ွာ mainly ထေα€”α€”ဲ. data structure 4α€™်ိဴး α€›ွိပီး - list, dictionary, tuples and sets! α€’ီtopic α€™ွာတော့ dictionary α€€ိုα€˜α€š္α€œို α€žံုးပီး Dictionary, List  α€˜α€š္α€œို α€€ြာၿခားα€œဲα€›α€š္ α€›ွင္းျα€•α€žြားပါ့α€™α€š္ How to use and declare and access Dictionary           α€’ီ topic α€™ွာ dictionary α‚€α€€ီးα€€ို α€…ာα€”ဲα‚” α€›ွင္းျပတာထက္ ပိုျမင္ေထာင္ exampleေα€œးα€”ဲα‚”ေပ့ါ α€€ိုα€š္ေတြ dictionary αΎα€€α€Š့္ရင္ alphabetα€”ဲα‚”α€›ွာαΎα€€α€α€š္ေα€œ. α€α€”α€Š္းထားျဖင့္ α€’ါα€€ keyေပါ့ keyဆိုတ့ဲ alphabet α€”ဲα‚”α€›ွာα€™ွ α€žူα‚”α€›ဲα‚• value- wordα€›ဲဲ့ meaning α€€ိုα€žိတာေα€œ          ထဲ့α€œိုပါပဲ pyth...
Read more

cisco csr1000v ios upgrade or downgrade

-
Image
Good Morning! Today Let me share about upgrading or downgrading ios using ansible. Original idea credit to eanylin ( https://github.com/eanylin ). I follow rule for ios upgrade guide from cisco ( https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/b_CSR1000v_Configuration_Guide/b_CSR1000v_Configuration_Guide_chapter_01001.html ) and add some intelligence twisted code to each four roles. Hope you like it.  Please check this out πŸ˜‰ and enjoy! https://github.com/tproximus/cisco-csr1000v-ios-upgrade-downgrade Have a nice day!
Read more