So my campus decided to employ the 802.1X protocol for authentication over the wired network in the dormitories at Michigan Tech. This is all great except for the part that normal switches can’t participate in the authentication because of the EAPOL frames exchanged at layer 2 before DHCP.
What we will need to do is connect directly to the wall port while running a program called wpa_supplicant, which will take care of the authentication. Then we will use dhclient to talk to a DHCP server and get an IP addy.

Here we go. NOTE: Run everything that follows as root (you don’t have to for creating the config).

1) First we have to install wpa_supplicant. It should be available via your package manager, so depending on your operating environment, go ahead and search for it. If you have any recent operating system (last 5 years), it will probably already contain this program.

2) Now we have to make our configuration file for wpa_supplicant. It doesn’t matter where we do this, so make a file anywhere on your operating system. For example, we will use /etc/wpa as our file. Copy and paste the following into the file, editing only the identity and password fields.

ap_scan=0
fast_reauth=1
network={
    key_mgmt=IEEE8021X
    eap=PEAP
    identity="username"
    password="password"
    eapol_flags=0
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
}

3) Make sure the config file you made is saved. We can now run wpa_supplicant. I recommend running this in a screen session to make things easier. Here’s what I used to run it:

root@1337box:# wpa_supplicant -ieth0 -c/etc/wpa -dd -Dwired

4) Go ahead and plug in your ethernet cable. wpa_supplicant should do its magic and authenticate you. It will be very verbose about what it’s doing. I would wait probably about 30 seconds, and if you don’t automatically get an IP address, go ahead and run the following to contact the DHCP server to get one.

root@1337box:# dhclient -nw eth0

You may have to wait a few seconds but you should eventually get an IP address from the pool and be on your way.

After authentication, you can Ctrl+C out of wpa_supplicant and get on with your life. You can also check out the wpa_supplicant man page to see how to make it run in the background if you don’t want it to bother you.
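
An added example, not part of the original post: the config from step 2 stores the password in plaintext and sets no ca_cert, and wpa_supplicant does not verify the authentication server's certificate for PEAP when no CA is configured. The script below audits a config for both gaps and builds a hardened variant; the CA file path and server name are placeholders to replace with values from your network admins, and you should check your version's wpa_supplicant.conf documentation for which name-matching options it supports.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wired 802.1X
# wpa_supplicant config for credential-exposure gaps.

# Print one finding per line for the config file given as $1.
audit_wpa_conf() {
    conf=$1
    # The file stores a plaintext password: only the owner should have access.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        600|400) ;;
        *) echo "PERMS mode=$mode (want 600)" ;;
    esac
    # Tunnelled EAP methods send the inner credentials to whoever terminates
    # the TLS tunnel; without ca_cert/ca_path the server is not verified.
    if grep -Eiq '^[[:space:]]*eap=.*(PEAP|TTLS)' "$conf"; then
        if ! grep -Eq '^[[:space:]]*(ca_cert|ca_path)=' "$conf"; then
            echo "NO_CA server certificate is not verified"
        elif ! grep -Eq '^[[:space:]]*(domain_suffix_match|domain_match|altsubject_match|subject_match)=' "$conf"; then
            echo "NO_NAME_CHECK any certificate from that CA is accepted"
        fi
    fi
}

# Constructed sample input: the post's config, then a hardened variant.
# The CA path and server name are placeholders, not Michigan Tech values.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
ap_scan=0
fast_reauth=1
network={
    key_mgmt=IEEE8021X
    eap=PEAP
    identity="username"
    password="password"
    eapol_flags=0
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
}
EOF
chmod 644 "$demo_dir/weak.conf"
( umask 077   # new file is created with mode 600
  { grep -v '^}' "$demo_dir/weak.conf"
    printf '    ca_cert="%s"\n    domain_suffix_match="%s"\n}\n' \
        /etc/ssl/certs/PLACEHOLDER-campus-ca.pem radius.example.edu
  } > "$demo_dir/hardened.conf" )
audit_wpa_conf "$demo_dir/weak.conf"      # reports PERMS and NO_CA
audit_wpa_conf "$demo_dir/hardened.conf"  # reports nothing
```

Point audit_wpa_conf at your own file (for example /etc/wpa) to check it before plugging in.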

Hopefully this helps. Done on Debian Lenny 2.6.26-2-amd64


Working on Debian 5 and 6 with varied NICs (some onboard, some expansion). This should work for you!

Mario Loria is a builder of diverse infrastructure with modern workloads on both bare-metal and cloud platforms. He's traversed roles in system administration, network engineering, and DevOps.