Edgecore Networks Corporation

END USER LICENSE AGREEMENT

LEASE READ THIS END USER LICENSE AGREEMENT (THE “AGREEMENT”) CAREFULLY BEFORE USING SOFTWARE FROM EDGECORE. BY USING EDGECORE SOFTWARE (THE “SOFTWARE”), YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS END USER LICENSE AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE THE SOFTWARE. THIS END USER LICENSE AGREEMENT DOES NOT PROVIDE ANY RIGHTS TO EDGECORE SERVICES SUCH AS SOFTWARE MAINTENANCE, UPGRADES OR SUPPORT. PLEASE REVIEW YOUR SERVICE OR SUBSCRIPTION AGREEMENT(S) THAT YOU MAY HAVE WITH EDGECORE OR OTHER AUTHORIZED EDGECORE SERVICE PROVIDERS REGARDING SERVICES AND ASSOCIATED PAYMENTS.

1) Trademarks:

Edgecore, regardless of capital or lower case, is a registered trademark of Edgecore Networks Corporation. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such herein. This does not mean, however that they may be used freely.

2) License grant:

"SOFTWARE” means the software contained in this package and any subsequent versions or upgrades received as a result of having down loaded this package. Edgecore grants YOU a license to use one copy of the version of this SOFTWARE only on a single Edgecore hardware. "YOU" or “BUYER” means a company, an entity or an individual taken as the original purchaser of the SOFTWARE. "USE" means storing, loading, installing, executing or displaying the SOFTWARE. YOU may not modify the SOFTWARE or disable any licensing or control features of the SOFTWARE except as an intended part of the SOFTWARE's programming features. This license is not transferable to any other company, entity or individual. YOU may not publish any registration information (serial numbers, registration keys, etc.) or pass it to any other company, entity or individual. BUYER may not electronically transfer the program from one Edgecore hardware to the other devices over any type of network. BUYER may not distribute copies of the SOFTWARE or the accompanying documentation to others either for a fee or without charge. BUYER may not modify or translate the SOFTWARE or documentation. BUYER may not disassemble the SOFTWARE or allow it to be disassembled into its constituent source code. BUYER's use of the SOFTWARE indicates his/her acceptance of these terms and conditions. If BUYER does not agree to these conditions, return the distribution media, documentation, and associated materials to the vendor from whom the SOFTWARE was obtained, and erase the SOFTWARE from any and all storage devices upon which it may have been installed.

3) Open Source Software:

Certain components of the SOFTWARE may incorporate “open source” software. To the extent required by an Open Source License that applies to Open Source Software included in or provided with the Software: (a) the terms of such Open Source License will apply to such Open Source Software instead of the terms of the license grant in this Agreement; and (b) any restrictions prohibited by such Open Source License that are contained in this Agreement will not apply to such Open Source Software. Notwithstanding the foregoing, SONiC is an open source Network Operating System (NOS) project and all the open source components and links to associated source code are available on the github at https://github.com/Azure/SONiC. The github will continuously get updated as the community adds new open source components to SONiC. Details are available on the Edgecore Networks Corporation, website (www.edge-core.com).

4) Ownership and Copyright:

The SOFTWARE is owned and copyrighted by Edgecore or Edgecore’s licensors. Your license confers no title or ownership of the SOFTWARE and should not be construed as a sale of any rights for the SOFTWARE. YOU acknowledge that the title and full ownership rights to the SOFTWARE will remain the exclusive property of Edgecore or Edgecore’s licensors and YOU will not acquire any rights to the SOFTWARE except as expressly set forth in this license. YOU agree that any copies of the SOFTWARE will contain the same proprietary notices which appear on and in the SOFTWARE.

5) Unauthorized Use:

YOU affirm that YOU will not attempt to reverse compile, modify, translate, or disassemble the SOFTWARE in whole or in part. It is strictly prohibited for YOU to use copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the SOFTWARE except as provided in this Agreement. Any such unauthorized use shall result in immediate and automatic termination of this Agreement.

6) No Warranties:

This SOFTWARE is provided on an "AS IS" basis. Edgecore disclaims all warranties relating to this SOFTWARE, whether expressed or implied, including but not limited to any implied warranties of merchantability, non-infringement or fitness for a particular purpose. Neither Edgecore nor anyone else who has been involved in the creation, production, or delivery of this SOFTWARE shall be liable for any indirect, consequential, or incidental damages arising out of the use or inability to use such SOFTWARE, even if Edgecore has been advised of the possibility of such damages or claims. The person using the SOFTWARE bears all risk as to the quality and performance of the SOFTWARE. Some jurisdictions may not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, or the exclusion or limitation of incidental or consequential damages, so that the above given limitations or exclusions may not apply to YOU.

7) Limited Liability:

BUYER acknowledges that the SOFTWARE may not be free from defects and may not satisfy all of BUYER's needs. Edgecore warrants all media on which the SOFTWARE is distributed for 90 days to be free from defects in materials and workmanship under normal use. The SOFTWARE and any accompanying written materials are licensed "AS IS". BUYER's exclusive remedy during the warranty period shall consist of replacement of distribution media if determined to be faulty. In no event will Edgecore be liable for direct, indirect, incidental or consequential damage or damages resulting from loss of use, or loss of anticipated profits resulting from any defect in the program, even if it has been advised of the possibility of such damage. In no event will Edgecore's liability for any claim, whether in contract, tort or any other theory of liability, exceed the aggregate amount paid by YOU for the SOFTWARE.

8) Compliance with laws:

Each party agrees to comply with all applicable laws, rules and regulations in connection with its activities under this Agreement. Without limiting the foregoing, YOU acknowledge and agrees that the Software, including technical data, is subject to United States export control laws, including the United States Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. End User agrees to comply strictly with all such regulations and acknowledges that End User has the responsibility to obtain licenses to export, re-export, or import the SOFTWARE.

9) Termination:

Without prejudice to any other rights, Edgecore may immediately terminate this license without notice if YOU fail to comply with any terms and conditions of this Agreement. In such event, YOU must: 1. Cease all use of the SOFTWARE; 2. Destroy or return to Edgecore the original and all copies of the SOFTWARE; and 3. Delete the SOFTWARE from all Edgecore hardware on which it was resident. All disclaimers of warranties and limitation of liability set forth in this Agreement shall survive termination of this Agreement.

10) Governing Law and Jurisdiction:

This Agreement shall be governed by the laws of California, USA, excluding its conflict of law provisions. To the extent permitted by law, any Dispute any dispute arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located in Orange County, California, USA.

11) General:

This Agreement represents the complete agreement between YOU and Edgecore relating to this license for the SOFTWARE and supersedes all prior agreements, communications, proposals and representations between the parties and prevails over any conflicting or additional terms of any quote, order, acknowledgement or similar communication. This Agreement may only be modified by a written document signed by both parties. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law that provision will be enforced to the maximum extent permissible and the remaining provisions of this Agreement will remain in full force and effect. All rights not expressly granted herein are reserved to Edgecore Networks Corporation.

ECS4620 configure Dot1x dynamic VLAN and RADIUS server with EAP-TLS Follow

john_weng 翁維澤

August 23, 2024 14:37
Updated

Topology:

Step:

1. Setup FreeRadius Server

2. Configure client

3. Configure switch

4. Verify

1. Setup FreeRadius Server

<1> Install freeradius server to Ubuntu(Ubuntu 14.04) as follow command:

FreeRadius ~ # apt-get install freeradius -y

<2> Configure "users" and "clients.conf" file

Users (path: /etc/freeradius/users)

Username "tsCommonName". It must be as same as commonName in the client.cnf (refer to step <4>)
"Tunnel-Private-Group-ID" parameter is for dynamically adding VLAN

Clients.conf (path: /etc/freeradius/clients.conf)

<3> Download the FreeRadius source code from https://freeradius.org/

FreeRadius ~ # wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.15.tar.gz

After decompress the source file, use files "~/freeradius-server-3.0.15/raddb/certs" to replace "/etc/freeradius/certs"

Reference commands:

FreeRadius certs # pwd
/etc/freeradius/certs
FreeRadius certs # rm -rf *
FreeRadius certs # cp -Rf ~/freeradius-server-3.0.15/raddb/certs/* .

<4> Modify ca files: server.cnf / client.cnf

server.cnf: modify output_password (path: /etc/freeradius/certs/server.cnf)

client.cnf: modify output_password, emailAddress and commonName

(path: /etc/freeradius/certs/client.cnf)

commonName need same as "Username" in users file

<5> Launch bootstrap script (path: /etc/freeradius/certs/bootstrap)

FreeRadius certs # ./bootstrap

<6> Copy "ca.pem", "client.key" and "ts@example.org.pem" (which is as same as "emailAddress" parameter) to Client.

Path:

/etc/freeradius/certs/ca.pem

/etc/freeradius/certs/client.key

/etc/freeradius/certs/ts@example.org.pem

<7> Modify eap.conf file (path: /etc/freeradius/eap.conf)

a. Change default_eap_type to tls

b. Remove(delete or comment) the make_cert_command

c. Change "private_key_password" value as same as server.cnf's output_password.

<8> After all Server side configuration is finished, restart the FreeRadius server.

You can use command:

a. start server normally or

FreeRadius freeradius # Service freeradius start

b. start server with debug mode

FreeRadius freeradius # Freeradius -X

2. Configure client

<1> Get the three files at configure server, please refer to "Setup FreeRadius Server" step <6>.

"ca.pem", "client.key" and "ts@example.org.pem" (which is same as "emailAddress" parameter)

<2> Add CA to client and update CA

Commands:

root@ts:/home/ts/Desktop# cp ca.pem /usr/local/share/ca-certificates/ca.pem.crt
root@ts:/home/ts/Desktop# update-ca-certificates

<3> Configure Client's network configure

3. Configure switch

<1> Switch IP:

Console#configure
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.2.46/20

<2> Switch VLAN:

Console(config)#vlan database
Console(config-vlan)#vlan 3

<3> 802.1x configure:

Global Configuration:

Console(config)#dot1x system-auth-control

Interface Configuration:

Console(config)#interface eth 1/3
Console(config-if)#dot1x port-control auto

4. Verify

Before client authentication, port #3 only allows the traffic which belong to VLAN 1(u).

After authentication, port #3 allows the traffic which belong to VLAN 1(u) and 3(t).

In show VLAN, you can see port #3 dynamic add to VLAN 3.

Comments

0 comments

Please sign in to leave a comment.

Category