I'm looking for suggestions to enable 802.1X supplicant authentication on a Cisco ISR WAN port.
Scenario: My college residence provides unmetered internet access through ethernet ports in every room and requires users to authenticate using 802.1X-2010 EAPoL with EAP-PEAP-MSCHAPv2 (username/password) on the network. IEEE 802.1AE/"MACsec" security is not deployed. A Webauth failover is activated when no 802.1X credentials are provided in 5 seconds, but this is not desired as it puts the user in a VLAN with metered internet access. Their switch (a C2960X) only allows one (1) MAC address per switch port, and they recommend (and allow) a personal router when multiple devices in a room need internet access.
Problem: My previous router, a Ubiquiti EdgeRouter 4, didn't support 802.1X supplicant natively in EdgeOS 2.0 but would allow external Debian packages to be installed, so I deployed wpa_supplicant to authenticate the router using 802.1X. The current replacement device, a Cisco ISR1K router running IOS-XE version Fuji-16.09.04, also doesn't natively support 802.1X supplicant on the WAN port [1], and I'm stuck finding a simple and elegant method to enable 802.1X supplicant authentication on the Cisco ISR WAN port.
No comments:
Post a Comment