Network access control on wired networks with IEEE 802.1X


The last step for the administrator is to set the RADIUS server to production mode: enable the init script using service freeradius start, and type chkconfig freeradius on to set up the server to use the same start procedure when rebooted.


The components for device-based authentication of terminal devices exist in many environments. It is up to the administrator to combine those components.

For some people, Network Access Control includes additional aspects, such as technical validation of version status or up-to-date virus signatures, in line with a security policy. NAC offers a number of customization options: Besides LDAP or SQL database integration, more complex environments might want to deploy a PKI with the use of Tiny CA [10], for example. Smartcards such as the Aladdin E-Token protect private user certificates.

IPv6 is supported with FreeRADIUS Version 2 or later; however, some 802.1X-capable switches might not comply. If you are experimenting with IKEv2, check out the project's experimental.conf.

An identically named SourceForge project is also researching IKEv2 [11]. Thanks to the Hostapd project [12], administrators can soon look forward to a new implementation of EAP in FreeRADIUS known as EAP2.

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Radius and 802.1X

    The Radius protocol is typically used to authenticate users in dial-up scenarios. But Radius is also useful in LAN environments: in combination with 802.1X, Radius forces users to authenticate at a low level before the switch opens up a port.

  • iNet Wireless Daemon

    Intel's iNet wireless daemon offers virtually all of the features found in the obsolete WPA Supplicant, and it is smaller by a factor of 10.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More