ADVANTECH 802.1X Authenticator Router App User Guide

June 13, 2024
Advantech

ADVANTECH-logo

ADVANTECH 802.1X Authenticator Router App

ADVANTECH-802.1X-Authenticator-Router-App-product

Product Information

  • Product Name: 802.1X Authenticator
  • Manufacturer: Advantech Czech s.r.o.
  • Address: Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
  • Document No.: APP-0084-EN
  • Revision Date: 10th October, 2023

 RouterApp Changelog

  • v1.0.0 (2020-06-05)
    First release.

  • v1.1.0 (2020-10-01)

  • Updated CSS and HTML code to match firmware 6.2.0+.

Authenticator

IEEE 802.1X Introduction

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, which is known as “EAP over LAN” or EAPoL.

802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term ’supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device which provides a data link between the client and the network and can allow or block network traffic between the two, such as an Ethernet switch or wireless access point; and the authentication server is typically a trusted server that can receive and respond to requests for network access, and can tell the authenticator if the connection is to be allowed, and various settings that should apply to that client’s connection or setting. Authentication servers typically run software supporting the RADIUS and EAP protocols.

Module Description
This router app is not installed on Advantech routers by default. See the Configuration Manual, chapter Customization –> Router Apps, for the description of how to upload a router app to the router.
802.1X Authenticator Router app enables the router to act as an EAPoL Authenticator and authenticate other devices (supplicants) connecting over a (wired) LAN interfaces. For the functional diagram of this authentication see Figure 1.

ADVANTECH-802.1X-Authenticator-Router-App-01

Figure 1: Functional Diagram

The connecting device (a supplicant) can be another router, managed switch or other device supporting the IEEE 802.1X authentication.
Note that this router app applies to wired interfaces only. For wireless (WiFi) interfaces is this functionality included in the WiFi Access Point (AP) configuration, when Authentication it set to 802.1X.

Installation

In the GUI of the router navigate to Customization -> Router Apps page. Here choose the downloaded module’s installation file and click to the Add or Update button.

Once the installation of the module is complete, the module’s GUI can be invoked by clicking the module name on the Router apps page. In Figure 2 is shown the main menu of the module. It has the Status menu section, followed by the Configuration and Customization menu sections. To return back to the router’s web GUI, click on the Return item.

ADVANTECH-802.1X-Authenticator-Router-App-02

Figure 2: Main menu

 Module Configuration

To configure the 802.1X Authenticator Router app installed on an Advantech router, go to the Rules page under the Configuration menu section of module’s GUI. On this page, tick the Enable 802.1X Authenticator together with the required LAN interface. Configure the RAIDUS credentials and other settings, see Figure 3 and Table 1.

ADVANTECH-802.1X-Authenticator-Router-App-03

Figure 3: Configuration Examle

Item|

Description

---|---
Enable 802.1X Authenticator| Enables the 802.1X Authenticator functionality Once en- abled, you also need to specify on which interface this should be activated (see bellow).
On … LAN| Activates the authentication for a given interface. When disabled, any MAC address can connect to that inter- face. When enabled, authentication is required prior communication on that interface.
RADIUS Auth Server IP| IP address of the authentication server.
RADIUS Auth Password| Access password for the authentication server.
RADIUS Auth Port| Port for the authentication server.

Continued on the next page

Module Configuration

Continued from previous page

Item|

Description

---|---
RADIUS Acct Server IP| IP address of the (optional) accounting server.
RADIUS Acct Password| Access password for the (optional) accounting server.
RADIUS Acct Port| Port for the (optional) accounting server.
Reauthentication Period| Limit the authentication for a given number of seconds. To disable reauthentication, use “0”.
Syslog Level| Set verbosity of information sent to syslog.
Exempt MAC x| Set up MAC addresses which shall not be subject to au- thentication. These will not be required to authenticate even when authentication is activated.

Table 1: Description of Configuration Items

If you want to configure another Advantech router to act as the supplicant, configure the appropriate LAN interface on the LAN configuration page. On this page enable the IEEE 802.1X Authentication and enter an Identity and Password of a user that is provisioned on the RADIUS server.

Module Status

Status messages of the module can be listed on the Global page under the Status menu section, see Figure 4. It contains information which clients (MAC addresses) are authenticated for each interface.

ADVANTECH-802.1X-Authenticator-Router-App-04

Figure 4: Status Messages

Known Issues

Known issues of the module are:

  • This module requires the firmware version 6.2.5 or higher.
  • The router firewall cannot block DHCP traffic. Hence, when an unauthorized device connects, it will anyway get a DHCP address. All further communication will be blocked, but the DHCP server will assign it an address regardless the authentication status.

Related Documents

You can obtain product-related documents on Engineering Portal at icr.advantech.cz address.

To get your router’s Quick Start Guide, User Manual, Configuration Manual, or Firmware go to the Router Models page, find the required model, and switch to the Manuals or Firmware tab, respectively.

The Router Apps installation packages and manuals are available on the Router Apps page.

For the Development Documents, go to the DevZone page.

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals