How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
Hi everyone,
I need to test an 802.1X supplicant which specifically uses the EAP-TLS protocol to communicate between the device and the switch. How can I tell whether a particular switch supports this?
The Netgear GS108Tv2 switch was recommended to me, but I would like to be sure before I order it. I cannot find this information in the description nor in the attached documents (data sheet and manual).
Thanks,
Martin
Accepted Solutions
According to this tutorial
EAP-TLS should work on GS108Tv2 (and other switches from the same category) if you do a firmware update.
All Replies
Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
Martin,
Much more than just a switch supporting 802.1x is required for your plan.
A switch supporting 802.1x is mostly a broker between the supplicant and the RADIUS. There are no switches with built-in RADIUS capability, so this feature can't be listed. The commonly used PEAP-MSCHAPv2, EAP-TLS, or the mostly legacy EAP-MD5 require a RADIUS server supporting them; where certificates are involved (as in EAP-TLS), you need a working public key infrastructure (PKI), too.
The RADIUS and 802.1x configuration is covered in the GS108T and GS110TP Smart Switch Software Administration Manual.
Regards,
-Kurt
Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
I know that the switch won't be enough. But we have a requirement that we need to use this protocol (EAP-TLS). So my question is about this detail.
Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
802.1X (Port Based Network Access Control) has defined the Extensible Authentication Protocol (EAP) over LAN (EAPoL). The switch (aka authenticator) just handles the basic EAP (on data link level, no IP) and packs/unpacks the RADIUS server communication in EAPoL and vice versa. Because this is transparent, it's extensible. As such it allows EAP negotiation to "any" authentication (like EAP-TLS) so it can be done between the supplicant and the RADIUS server. The switch (misleadingly named authenticator) does not have to care about the authentication method. For reference: EAP and EAPoL have existed since about 2004 (RFC 3748). Over time, there was just one modification of the EAPoL protocol for use with MACsec (IEEE 802.1AE) and Initial Device Identity, IDevID (IEEE 802.1AR) in 802.1X-2010.
Get such a switch, the per port cost is well below 10 USD - it's a bargain to start and build your experience with this technology.
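The pass-through role described in the reply above, sketched as an added example that is not part of the thread or of any Netgear firmware. The function names and sample packets are constructed for illustration; the EAPOL header layout, the EAP method numbers and the RADIUS EAP-Message attribute (type 79, RFC 3579) are the standard values.

```python
import struct

EAPOL_EAP_PACKET = 0          # EAPOL packet type that carries an EAP packet
RADIUS_EAP_MESSAGE = 79       # RADIUS attribute type EAP-Message (RFC 3579)
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

def eapol_frame(eap: bytes, version: int = 2) -> bytes:
    """Supplicant side: wrap an EAP packet in an EAPOL header."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap

def eap_packet(code: int, ident: int, method: int, data: bytes) -> bytes:
    """Build an EAP Request (code 1) or Response (code 2)."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), method) + data

def relay_to_radius(frame: bytes) -> list[bytes]:
    """Authenticator side: EAPOL in, RADIUS EAP-Message attributes out.

    Only the EAPOL header is interpreted; the EAP method byte is never read.
    """
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP packet (EAPOL-Start, Logoff, Key, ...)")
    eap = frame[4:4 + length]
    if len(eap) != length:
        raise ValueError("truncated EAPOL body")
    # One attribute holds at most 253 value bytes (1-byte length field), so a
    # large EAP-TLS fragment is split across several EAP-Message attributes.
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    return [bytes([RADIUS_EAP_MESSAGE, 2 + len(c)]) + c for c in chunks]

def radius_side_method(attrs: list[bytes]) -> tuple[str, bytes]:
    """RADIUS server side: reassemble the EAP packet and read its method."""
    eap = b"".join(a[2:] for a in attrs if a[0] == RADIUS_EAP_MESSAGE)
    return EAP_METHODS.get(eap[4], "unknown"), eap

# Constructed sample packets, not captured traffic.
TLS_DATA = bytes([0x80]) + struct.pack("!I", 300) + bytes(300)  # L flag, length, dummy
TLS_RESPONSE = eap_packet(2, 7, 13, TLS_DATA)
MD5_RESPONSE = eap_packet(2, 8, 4, bytes([16]) + bytes(16))

if __name__ == "__main__":
    for pkt in (TLS_RESPONSE, MD5_RESPONSE):
        attrs = relay_to_radius(eapol_frame(pkt))
        print(radius_side_method(attrs)[0], [len(a) for a in attrs])
```

The relay function takes the same path for the EAP-TLS and the EAP-MD5 packet; the method is only decoded on the RADIUS side.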
Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?
Hi @LaurentMa ... of course there are no issues with EAP-MD5 (have several deployments in the field with these small switches) as well as EAP-TLS on the newer Smart Managed Pro. However, I don't get why and how using an alternate authentication should break things. There is no change in the communication process - when it comes to the switch - between the supplicant and the switch resp. the switch and the RADIUS server. Tell me what I've missed please.