HP Procurve: Setup 802.1X authentication with FreeRADIUS and OPNSense

 How to setup 802.1X authentication using EAP-MD5 (passwords not certs)...

OPNSense

1. Install FreeRADIUS under firmware...then go to the FreeRADIUS service to configure

2. Configure - General:

  • Enable service = check
  • Enable logging for setup







3. Configure - Users:
  • Add users i.e. end supplicants


4. Configure - Clients:
  • Add clients i.e. authenticators (for me this is the HP switch)
  • Host names did not work for me




5. Configure - EAP:
  • Choose you EAP type ... for passwords MD5
Remember to hit apply afterwards on OPNSense!

HP Procurve Switch

802.1X needs to be enabled on the HP switch to act as authenticator, for each supplicant (end device).

1. Log into the shell and then cofngure:

config
radius-server host <OPNSense IP> key <KEY FROM CLIENT CONFIG>
aaa authentication port-access eap-radius
aaa port-access authenticator <PORT #>
aaa port-access authenticator active
write mem


2. Check the config:
show vlan XXX


































To disable a port:
no aaa port-access authenticator <PORT #>

Hikvision

Configure networking - advanced:
  • Set Protocol to MD5
  • Set EAPOL to 2























Sources:



Posted by Me at 9/16/2024 11:55:00 pm

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)