summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/configuration/interfaces/ethernet.rst38
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst
index 3eae0d95..4392c1c8 100644
--- a/docs/configuration/interfaces/ethernet.rst
+++ b/docs/configuration/interfaces/ethernet.rst
@@ -96,6 +96,44 @@ Offloading
:var0: ethernet
:var1: eth0
+Authentication (EAPoL)
+----------------------
+
+:abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network
+port authentication protocol used in IEEE 802.1X (Port Based Network Access
+Control) developed to give a generic network sign-on to access network
+resources.
+
+EAPoL comes with an identify option. We automatically use the interface MAC
+address as identity parameter.
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol ca-cert-file <file>
+
+ SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication
+ of the remote side.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol ca-cert-file /config/auth/ca.pem
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol cert-file <file>
+
+ SSL/x509 public certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol cert-file /config/auth/public.pem
+
+.. cfgcmd:: set interfaces ethernet <interface> eapol key-file <file>
+
+ SSL/x509 private certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block: none
+
+ set interfaces ethernet eth0 eapol key-file /config/auth/private.key
+
VLAN
====