@z-afshar
Last active January 10, 2017 06:42
client(supplicant)----switch(authenticator)------radius server
#### Client
Client (Windows 7):
The Wired AutoConfig service must be started (startup type: Automatic).
NIC properties, Authentication tab:
enable 802.1X
PEAP
authentication mode: user authentication
#### Authenticator (Cisco 2960 switch):
! AAA must be enabled before the aaa commands below are accepted
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
authentication mac-move permit
dot1x system-auth-control
interface FastEthernet0/11
 description Connected to WIN7 Supplicant
 switchport access vlan 111
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x pae supplicant
radius-server host X.X.X.X auth-port 1812 acct-port 1813 timeout 3
radius-server key secret
! troubleshooting
debug dot1x all
terminal monitor
show dot1x all
#### RADIUS server (FreeRADIUS 3.0.12):
nano /etc/freeradius/mods-config/files/authorize
user1 Cleartext-Password := "PASS", MS-CHAP-Use-NTLM-Auth := 0
LAP\user1 Cleartext-Password := "PASS", MS-CHAP-Use-NTLM-Auth := 0
DEFAULT Auth-Type = ntlm_auth
nano /etc/freeradius/mods-available/eap
nano /etc/freeradius/mods-available/ntlm_auth
nano /etc/freeradius/sites-available/default
nano /etc/freeradius/sites-available/inner-tunnel
nano /etc/freeradius/clients.conf
client 0.0.0.0/0 {
    secret = secret
    shortname = any
}
nano /etc/freeradius/radiusd.conf
service freeradius restart
tail -fn10 /var/log/freeradius/radius.log
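
The `clients.conf` entry above accepts RADIUS requests from any source address and uses `secret` as the shared secret. The following check is an added example, not part of the original notes: it parses client blocks and flags wildcard source ranges and weak secrets. The second client block (`sw2960`, `192.0.2.10`, its secret), the weak-secret list and the 16-character threshold are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: the client block from the notes above, plus a
# hypothetical restricted entry (name, address and secret are placeholders).
SAMPLE_CLIENTS_CONF = """
client 0.0.0.0/0 {
    secret = secret
    shortname = any
}
client sw2960 {
    ipaddr = 192.0.2.10
    secret = "q7Vd2xLr9TzKp4Ws8NbYc3Hf"
}
"""

# Nested sub-sections inside a client block are not parsed.
CLIENT_BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n#]*?)"?\s*(?:#.*)?$', re.M)
WEAK_SECRETS = {"secret", "testing123", "password", "radius", "cisco"}
MIN_SECRET_LEN = 16  # assumed policy threshold, not a FreeRADIUS limit


def audit_clients(conf_text):
    """Return a list of (client_name, finding) for risky client blocks."""
    findings = []
    for name, body in CLIENT_BLOCK.findall(conf_text):
        opts = dict(SETTING.findall(body))
        # Source address: ipaddr/ipv4addr if set, otherwise the block name.
        addr = opts.get("ipaddr") or opts.get("ipv4addr") or name
        try:
            net = ipaddress.ip_network(addr, strict=False)
            if net.prefixlen == 0:
                findings.append((name, "accepts requests from any address"))
            elif net.num_addresses > 256:
                findings.append((name, f"broad source range {net}"))
        except ValueError:
            pass  # hostname: the range cannot be judged offline
        secret = opts.get("secret", "")
        if secret.lower() in WEAK_SECRETS:
            findings.append((name, "well-known shared secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN}"))
    return findings


if __name__ == "__main__":
    for client, issue in audit_clients(SAMPLE_CLIENTS_CONF):
        print(f"{client}: {issue}")
```

To audit a live server, pass the contents of `/etc/freeradius/clients.conf` to `audit_clients` instead of the sample string.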