Simple DOT1X lab with Windows 7, Cisco 2950, CentOS w/ FreeRadius

IEEE dot1x is an authentication standard wherein a user is authenticated by an AAA server before it can gain layer 1 access to the LAN/switch. It is one of the topics covered in the CCNP Switch exam; however, Cisco only covered the switch configuration. In this lab we will try to see it in full action with clients and servers, particularly the use of FreeRadius on CentOS authenticating a Windows 7 machine.

Requirements:

  • CentOS running FreeRadius
  • Windows 7
  • 2950 Switch

The point of this lab is that we just wanna see dot1x in action and what it looks like when it's trying to authenticate a user accessing our LAN.

I won’t go over how to set up FreeRadius on CentOS because I have already covered this in a previous blog:

https://delanajero.wordpress.com/2014/05/04/freeradius-centos-cisco/ 

For this lab I have username: hello password: world

It is basically the same topology as the one I had in my FreeRadius blog. Make sure you can ping the switch from CentOS and vice versa.

How do you set up your Windows 7?

Click Start > in the search box type “services.msc” > look for “Wired AutoConfig”.

Change the startup type to Automatic and click the Start button.

Click OK, then close the services.msc window.

Click on the Start button again and search for Network and Sharing Center. At the left-hand corner click the “Change adapter settings” link. Look for your network adapter > right mouse click > choose Properties > click the Authentication tab.

Click the “Additional Settings…” button, make sure to tick the “Specify authentication mode” radio button and choose “User authentication”.

Click OK twice and that should be it for Windows 7. Plug the PC's NIC into one of the switch ports configured with dot1x authentication.

Let us console in to the switch and type the following commands:

Config t

aaa new-model
aaa authentication dot1x default group radius local
dot1x system-auth-control

! PC is connected to this port
interface FastEthernet0/1
switchport mode access
dot1x port-control auto
spanning-tree portfast

Save your config and run “debug dot1x error” to monitor what errors come up in the event that authentication fails.

Windows 7 will prompt you for a username and password; in my case it asked twice. On the switch you can type “show dot1x int fa0/1” and expect to see this:

[Image: output of “show dot1x int fa0/1”]

Windows 7 has been successfully authenticated by FreeRadius via dot1x. The PC now has access to LAN resources.
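
An added example, not part of the original post: a small Python check that reads `show running-config` style output and reports access ports that lack `dot1x port-control auto`, along with any of the global commands from the switch configuration above that are missing. The sample config (including Fa0/2 and Fa0/24, which are not in the lab) and the function name `audit_dot1x` are constructed for illustration, and the parser assumes interface sub-commands are indented as they are in a saved running-config.

```python
import re

# Constructed sample running-config: Fa0/1 matches the lab, Fa0/2 is an
# access port left without 802.1X, Fa0/24 is a trunk uplink (skipped).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius local
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport mode trunk
"""

# Global commands from the lab; matched as prefixes of global config lines.
REQUIRED_GLOBAL = ("aaa new-model", "aaa authentication dot1x",
                   "dot1x system-auth-control")


def audit_dot1x(config: str) -> dict:
    """Return missing global commands and access ports not enforcing dot1x."""
    interfaces, current, global_lines = {}, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment/separator lines
        match = re.match(r"interface\s+(\S+)", line, re.IGNORECASE)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif raw[0].isspace() and current:
            interfaces[current].append(line.lower())  # interface sub-command
        else:
            current = None
            global_lines.append(line.lower())
    missing = [cmd for cmd in REQUIRED_GLOBAL
               if not any(g.startswith(cmd) for g in global_lines)]
    open_ports = [name for name, cmds in interfaces.items()
                  if "switchport mode access" in cmds
                  and "dot1x port-control auto" not in cmds]
    return {"missing_global": missing, "unprotected_access_ports": open_ports}
```

Calling `audit_dot1x(SAMPLE_CONFIG)` flags FastEthernet0/2, the access port that would hand out LAN access without any authentication.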
