Index | Prev | Next

Requirements

Niagara 4.8 makes it possible to configure a JACE-8000 or Edge device to run as a supplicant (client) on an IEEE 802.1X network.

This document assumes that you have experience with network authentication, and understand the properties that need to be configured. Consult your local IT network administrator if you have any questions.

Hardware requirements

A JACE-8000 or Edge device.

 
NOTE: IEEE 802.1X is supported only on the device’s Primary Ethernet adapter.
 
 
NOTE: For Edge devices, IEEE 802.1X is supported only in isolated mode. It is not supported on an Edge device in daisy-chain mode.
 

Software requirements

  • You must have a properly licensed Niagara 4.8 release installed and running.
  • You need to have platform credentials in order to configure the device for IEEE 802.1X communications since this is configured only at the platform level.
  • No modules are required for the platform-level connection and configuration. However, for the station-level IEEE 802.1X Platform Service Plugin, you will need to make sure that the platIEEE8021X (-rt, -wb) modules are available in the Workbench environment so that the views are available. However, it is not a requirement that these modules are installed to the supplicant device (only the Workbench environment).
     
    NOTE: The station-level view (shown right) is a read-only view which can be useful for confirming connection status.
    Figure 1.   Configurable Workbench view (left), Read-only station-level view (right)
    Image

     

License requirements

The Niagara 4.8 ieee8021x license feature must be installed on the device.

Certificate requirements

 
NOTE: You will need to coordinate with your local IT department/network administrator for the following items:
  • The authentication scheme required by the network (e.g., EAP-TLS, PEAP, etc.), used in configuring the supplicant device for IEEE 802.1X communications
  • A client certificate (*.pem format) for the supplicant device, the “identity” associated with that certificate, and possibly a “private key password”.
     
    NOTE: The client certificate should include the client’s private key and it may include the optional “private key password”. If the certificate uses one, then that private key password is required in order to use the certificate.
     
  • A CA certificate (*.pem format). The CA certificate is a certificate that can confirm the identity of the server to the supplicant. Both of the certificates are used in establishing a connection to the 802.1X network.

 

Once you obtain the client and CA certificates, save the *.pem files somewhere on the Workbench ( Supervisor) file system. When setting up security on the supplicant device, the client and CA certificate files will be imported to the device’s Certificate Management view User Key Store and User Trust Store respectively.

Related Links

  • Preparation and installation (Parent Topic)

    • Other Related Links

  • Preparation and installation (Parent Topic)

    • Index | Prev | Next