diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-12-29 11:32:37 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-12-29 11:32:37 +0100 |
commit | 1162e00071c9d28b2c86f6ba3a9e4e8b086e8783 (patch) | |
tree | 557e775c1d1052c8a2d68b3437656324e06229c6 /docs/configuration | |
parent | bb9b6484430a6b7e38bcb4131d42066690e3ebd4 (diff) | |
download | vyos-documentation-1162e00071c9d28b2c86f6ba3a9e4e8b086e8783.tar.gz vyos-documentation-1162e00071c9d28b2c86f6ba3a9e4e8b086e8783.zip |
ethernet: add eapol documentation
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index 3eae0d95..4392c1c8 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -96,6 +96,44 @@ Offloading :var0: ethernet :var1: eth0 +Authentication (EAPoL) +---------------------- + +:abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network +port authentication protocol used in IEEE 802.1X (Port Based Network Access +Control) developed to give a generic network sign-on to access network +resources. + +EAPoL comes with an identify option. We automatically use the interface MAC +address as identity parameter. + +.. cfgcmd:: set interfaces ethernet <interface> eapol ca-cert-file <file> + + SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication + of the remote side. + + .. code-block: none + + set interfaces ethernet eth0 eapol ca-cert-file /config/auth/ca.pem + +.. cfgcmd:: set interfaces ethernet <interface> eapol cert-file <file> + + SSL/x509 public certificate file provided by the client to authenticate + against the 802.1x system. + + .. code-block: none + + set interfaces ethernet eth0 eapol cert-file /config/auth/public.pem + +.. cfgcmd:: set interfaces ethernet <interface> eapol key-file <file> + + SSL/x509 private certificate file provided by the client to authenticate + against the 802.1x system. + + .. code-block: none + + set interfaces ethernet eth0 eapol key-file /config/auth/private.key + VLAN ==== |