summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-12-29 11:32:37 +0100
committerChristian Poessinger <christian@poessinger.com>2020-12-29 11:32:37 +0100
commit1162e00071c9d28b2c86f6ba3a9e4e8b086e8783 (patch)
tree557e775c1d1052c8a2d68b3437656324e06229c6 /docs/configuration
parentbb9b6484430a6b7e38bcb4131d42066690e3ebd4 (diff)
downloadvyos-documentation-1162e00071c9d28b2c86f6ba3a9e4e8b086e8783.tar.gz
vyos-documentation-1162e00071c9d28b2c86f6ba3a9e4e8b086e8783.zip
ethernet: add eapol documentation
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/interfaces/ethernet.rst38
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst
index 3eae0d95..4392c1c8 100644
--- a/docs/configuration/interfaces/ethernet.rst
+++ b/docs/configuration/interfaces/ethernet.rst
@@ -96,6 +96,44 @@ Offloading
:var0: ethernet
:var1: eth0
+Authentication (EAPoL)
+----------------------
+
+:abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network
+port authentication protocol used in IEEE 802.1X (Port Based Network Access
+Control) developed to give a generic network sign-on to access network
+resources.
+
+EAPoL comes with an identify option. We automatically use the interface MAC
+address as identity parameter.
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol ca-cert-file <file>
+
+ SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication
+ of the remote side.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol ca-cert-file /config/auth/ca.pem
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol cert-file <file>
+
+ SSL/x509 public certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol cert-file /config/auth/public.pem
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol key-file <file>
+
+ SSL/x509 private certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol key-file /config/auth/private.key
+
VLAN
====