bartam
Mar 07, 2018 (Aspirant)
How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
Hi everyone, I need to test an 802.1X supplicant which specifically uses the EAP-TLS protocol to communicate between the device and the switch. How can I tell whether a particular switch support...
- Mar 08, 2018
According to this tutorial
EAP-TLS should work on GS108Tv2 (and other switches from the same category) if you do a firmware update.
schumaku
Mar 07, 2018 (Guru - Experienced User)
Martin,
Much more than just a switch supporting 802.1x is required for your plan.
A switch supporting 802.1x is mostly a broker between the supplicant and the RADIUS. There are no switches with built-in RADIUS capability, so this feature can't be listed. The commonly used PEAP-MSCHAPv2, EAP-TLS, or the mostly legacy EAP-MD5 require a RADIUS server supporting them; where certificates are involved (as in EAP-TLS), you need a working public key infrastructure (PKI), too.
The RADIUS and 802.1x configuration is covered in the GS108T and GS110TP Smart Switch Software Administration Manual.
Regards,
-Kurt
- bartam, Mar 07, 2018 (Aspirant)
I know that the switch won't be enough. But we have a requirement that we need to use this protocol (EAP-TLS). So my question is about this detail.
- schumaku, Mar 07, 2018 (Guru - Experienced User)
802.1X (Port Based Network Access Control) has defined the Extensible Authentication Protocol (EAP) over LAN (EAPoL). The switch (aka authenticator) just handles the basic EAP (on the data link level, no IP) and packs/unpacks the RADIUS server communication in EAPoL and vice versa. Because this is transparent, it's extensible. As such, it allows EAP negotiation of "any" authentication (like EAP-TLS), so it can be done between the supplicant and the RADIUS server. The switch (misleadingly named authenticator) does not have to care about the authentication method. For reference: EAP and EAPoL have existed since about 2004 (RFC3748). Over time, there was just one modification of the EAPoL protocol for use with MACsec (IEEE 802.1ae) and Initial Device Identity, IDevID (IEEE 802.1AR) in 802.1X-2010.
Get such a switch, the per port cost is well below 10 USD - it's a bargain to start and build your experience with this technology.
- LaurentMa, Mar 07, 2018 (NETGEAR Expert)
Thank you for the question. GS108Tv2 Smart Managed Pro switch won't support EAP-TLS as 802.1x Authentication Method. It will support legacy EAP-MD5. For EAP-TLS, I think we should recommend MS510TX 5-Speed Multi-Gigabit Ethernet Smart Managed Pro Switch.
Regards,
- schumaku, Mar 07, 2018 (Guru - Experienced User)
Hi LaurentMa ... of course there are no issues with EAP-MD5 (have several deployments in the field with these small switches) as well as EAP-TLS on the newer Smart Managed Pro. However, I don't get why and how using an alternate authentication should break things. There is no change in the communication process - when it comes to the switch - between the supplicant and the switch resp. the switch and the RADIUS server. Tell me what I've missed please.
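The pass-through relay discussed in this thread, as an added example that is not from any poster or from NETGEAR: it parses an EAPOL PDU, names the EAP method from the Type octet, and copies the EAP packet unchanged into RADIUS EAP-Message attributes (type 79, RFC 3579) the way an authenticator forwards it. All function names are hypothetical and both sample frames are constructed with zero-filled payloads; it models the relay only, not any particular switch firmware.

```python
import struct

EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
RADIUS_EAP_MESSAGE = 79  # RADIUS attribute type carrying EAP (RFC 3579)
MAX_VALUE = 253          # 255-byte attribute limit minus 2-byte type/length header

def parse_eapol(pdu: bytes):
    """Return (method_name, eap_packet) for an EAPOL PDU (bytes after EtherType 0x888E)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + body_len]
    if len(body) != body_len or (ptype == 0 and body_len < 4):
        raise ValueError("truncated EAPOL body or EAP header")
    if ptype != 0:                      # only type 0 (EAP-Packet) carries EAP
        return None, b""
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= len(body):
        raise ValueError("bad EAP length")
    has_type = code in (1, 2) and eap_len >= 5  # only Request/Response carry a Type octet
    method = EAP_TYPES.get(body[4], f"type-{body[4]}") if has_type else None
    return method, body[:eap_len]

def to_radius_attrs(eap: bytes) -> bytes:
    """Authenticator side: copy the EAP packet, unmodified, into EAP-Message attributes."""
    out = b""
    for i in range(0, len(eap), MAX_VALUE):
        chunk = eap[i:i + MAX_VALUE]
        out += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return out

def from_radius_attrs(attrs: bytes) -> bytes:
    """RADIUS server side: concatenate EAP-Message values back into one EAP packet."""
    eap, i = b"", 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == RADIUS_EAP_MESSAGE:
            eap += attrs[i + 2:i + alen]
        i += alen
    return eap

def build_response(eap_type: int, data: bytes) -> bytes:
    """Constructed sample: EAPOL v1 EAP-Packet holding an EAP Response (id 1)."""
    eap = struct.pack("!BBHB", 2, 1, 5 + len(data), eap_type) + data
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

SAMPLE_MD5 = build_response(4, bytes([16]) + bytes(16))   # constructed, zero-filled
SAMPLE_TLS = build_response(13, b"\x00" + bytes(600))     # constructed, zero-filled
```

The relay code never branches on the method: the 606-byte EAP-TLS response is split across three EAP-Message attributes while the 22-byte EAP-MD5 response fits in one, and both reassemble byte for byte.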