
How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

bartam
Aspirant

How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

Hi everyone,

 

I need to test an 802.1X supplicant which specifically uses the EAP-TLS protocol to communicate between the device and the switch. How can I tell whether a particular switch supports this?

 

The Netgear GS108Tv2 switch was recommended to me, but I would like to be sure before I order it. I cannot find this information in the description nor in the attached documents (data sheet and manual).

 

Thanks,

Martin

 

Model: GS108Tv2|ProSafe 8 ports gigabit smart switch
Message 1 of 7

Accepted Solutions
bartam
Aspirant

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

According to this tutorial

 

https://translate.google.com/translate?hl=cs&sl=de&tl=en&u=https%3A%2F%2Fwww.blog.happytec.at%2Finde...

 

EAP-TLS should work on GS108Tv2 (and other switches from the same category) if you do a firmware update.

Message 7 of 7

All Replies
schumaku
Guru

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

Martin,

Much more than just a switch supporting 802.1x is required for your plan.

 

A switch supporting 802.1x is mostly a broker between the supplicant and the RADIUS. There are no switches with built-in RADIUS capability, so this feature can't be listed. The commonly used PEAP-MSCHAPv2, EAP-TLS, or the mostly legacy EAP-MD5 require a RADIUS server supporting them; where certificates are involved (as in EAP-TLS), you need a working public key infrastructure (PKI), too.

 

The RADIUS and 802.1x configuration is covered in the GS108T and GS110TP Smart Switch Software Administration Manual.

 

Regards,

-Kurt

Message 2 of 7
bartam
Aspirant

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

I know that the switch won't be enough. But we have a requirement that we need to use this protocol (EAP-TLS). So my question is about this detail.

 

Message 3 of 7
schumaku
Guru

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

802.1X (Port Based Network Access Control) has defined the Extensible Authentication Protocol (EAP) over LAN (EAPoL). The switch (aka authenticator) just handles the basic EAP (on data link level, no IP) and packs/unpacks the RADIUS server communication in EAPoL and vice versa. Because this is transparent, it's extensible. As such it allows EAP negotiation to "any" authentication (like EAP-TLS) so it can be done between the supplicant and the RADIUS server. The switch (misleadingly named authenticator) does not have to care about the authentication method. For reference: EAP and EAPoL have existed since about 2004 (RFC 3748). Over time, there was just one modification of the EAPoL protocol for use with MACsec (IEEE 802.1ae) and Initial Device Identity, IDevID (IEEE 802.1AR) in 802.1X-2010.

Get such a switch, the per port cost is well below 10 USD - it's a bargain to start and build your experience with this technology.

Message 4 of 7
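
The relay role described in the post above can be observed on a capture of the supplicant port. The following is an added example, not part of the original thread: it parses one EAPoL frame to report which EAP method is on the wire, then wraps the same EAP packet, unread, into RADIUS EAP-Message attributes (RFC 3579). The function names, MAC addresses and the sample frame are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E          # IEEE 802.1X EAP over LAN
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
RADIUS_EAP_MESSAGE = 79           # RADIUS attribute type, RFC 3579

def parse_eapol(frame: bytes) -> dict:
    """Extract the EAP packet and its method type from one Ethernet frame."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[14:18])
    if pkt_type != 0:             # 1=Start, 2=Logoff, 3=Key carry no EAP packet
        return {"eapol_type": pkt_type, "eap": None}
    body = frame[18:18 + body_len]
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("bad EAP length")
    eap = body[:length]           # drop any Ethernet padding
    method = eap[4] if code in (1, 2) and length > 4 else None
    return {"eapol_type": 0, "code": EAP_CODES.get(code, str(code)), "id": ident,
            "method": method, "method_name": EAP_TYPES.get(method, "other/none"),
            "eap": eap}

def to_radius_eap_message(eap: bytes) -> bytes:
    """Authenticator side: wrap the EAP packet, unread, in EAP-Message
    attributes; each attribute value holds at most 253 bytes."""
    out = b""
    for i in range(0, len(eap), 253):
        chunk = eap[i:i + 253]
        out += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return out

def sample_frame() -> bytes:
    """Constructed EAP-TLS Response: 300 filler bytes stand in for TLS data."""
    tls = b"\x16" * 300
    eap_body = bytes([13, 0x80]) + struct.pack("!I", len(tls)) + tls  # type, L flag, TLS length
    eap = struct.pack("!BBH", 2, 7, 4 + len(eap_body)) + eap_body
    eth = (bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
           + struct.pack("!H", EAPOL_ETHERTYPE))   # PAE group address, constructed source
    return eth + struct.pack("!BBH", 1, 0, len(eap)) + eap

if __name__ == "__main__":
    info = parse_eapol(sample_frame())
    attrs = to_radius_eap_message(info["eap"])
    print(info["code"], info["method_name"], "->", len(attrs), "bytes of EAP-Message attributes")
```

Running the parser over frames captured during a real authentication attempt shows which EAP method type the supplicant and RADIUS server actually exchange through the switch.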
LaurentMa
NETGEAR Expert

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

Thank you for the question. GS108Tv2 Smart Managed Pro switch won't support EAP-TLS as 802.1x Authentication Method. It will support legacy EAP-MD5. For EAP-TLS, I think we should recommend MS510TX 5-Speed Multi-Gigabit Ethernet Smart Managed Pro Switch.

 

Regards,

Message 5 of 7
schumaku
Guru

Re: How can I tell whether a switch (GS108Tv2) supports EAP-TLS?

Hi @LaurentMa ... of course there are no issues with EAP-MD5 (have several deployments in the field with these small switches) as well as EAP-TLS on the newer Smart Managed Pro. However, I don't get why and how using an alternate authentication should break things. There is no change in the communication process - when it comes to the switch - between the supplicant and the switch resp. the switch and the RADIUS server. Tell me what I've missed please.

Message 6 of 7