1

I am trying to set up 802.1x authentication. I have Linux running on a PC which I wanted to use as an 802.1x authenticator, and I am connecting a Windows PC to it, which will be the supplicant.

I am looking for open-source 802.1x authenticator code to run on the Linux PC to authenticate the wired clients. Can you point me to open-source 802.1x authenticator code for wired clients?

2 Answers

1

Generally, the authenticator needs to be running on your Ethernet switches – that is, directly on the other end of the cable away from the supplicant – and it is very rare to use a Linux PC this way.

The only 802.1X authenticator for Linux that I've seen is hostapd using driver=wired. It seems it has built-in support for certain hardware switch chips, but it makes a very useless authenticator on a regular PC because it doesn't actually know how to open/close ports on a software-based bridge.

So you could use it, but then you would have to hack together your own handler that reacts to events from hostapd's control channel (and adds MAC-based nft or ebtables rules?) – otherwise it wouldn't provide any security.

hostapd also supports MACsec (802.1AE), which might be easier to enforce.

grawity
  • 501,077
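A sketch of the kind of handler the answer above describes, as an added example that is not part of the answer or of hostapd: it reads hostapd control-interface event lines and turns them into updates to a MAC allow-list in nftables. Assumptions: hostapd reports authorization with `AP-STA-CONNECTED` / `AP-STA-DISCONNECTED` events on the wired driver, and a bridge-family table `dot1x` with an `ether_addr` set `authorized` (both hypothetical names) is consulted by a forward chain that drops everything else.

```python
import re
import subprocess

# Assumed names (not from the page): bridge table "dot1x" holding a set
# "authorized" of type ether_addr that a default-drop forward chain consults.
TABLE, SET = "dot1x", "authorized"
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# hostapd events that change a station's authorization state.
ACTIONS = {"AP-STA-CONNECTED": "add", "AP-STA-DISCONNECTED": "delete"}

def parse_event(line):
    """Return (action, mac) for an authorization event, else None."""
    # Control-interface messages may carry a priority prefix such as "<3>".
    fields = re.sub(r"^<\d+>", "", line.strip()).split()
    if len(fields) < 2 or fields[0] not in ACTIONS:
        return None
    mac = fields[1].lower()
    # The MAC ends up on a command line, so anything malformed is ignored
    # and the port stays closed.
    if not MAC_RE.match(mac):
        return None
    return ACTIONS[fields[0]], mac

def handle(lines, authorized=None, run=False):
    """Apply events to the allow-list; return (authorized, nft commands)."""
    authorized = set() if authorized is None else authorized
    commands = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        action, mac = event
        # Skip repeats: "add" for a known MAC or "delete" for an unknown one.
        if (action == "add") == (mac in authorized):
            continue
        if action == "add":
            authorized.add(mac)
        else:
            authorized.discard(mac)
        cmd = ["nft", action, "element", "bridge", TABLE, SET, "{", mac, "}"]
        commands.append(cmd)
        if run:  # needs root and the table/set created beforehand
            subprocess.run(cmd, check=True)
    return authorized, commands

# Constructed sample events, not captured from a real hostapd instance.
SAMPLE = [
    "<3>AP-STA-CONNECTED 02:00:00:00:00:01",
    "<3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:00:02",
    "<3>AP-STA-CONNECTED 02:00:00:00:00:03;x",
    "<3>AP-STA-CONNECTED 02:00:00:00:00:01",
    "<3>AP-STA-CONNECTED 02:00:00:00:00:0A",
    "<3>AP-STA-DISCONNECTED 02:00:00:00:00:01",
]
```

A filter like this only checks the source MAC of each frame, so it does not bind traffic to the authenticated session the way MACsec does.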
0

I'm currently looking for a Linux-based NAC authenticator solution for a wired network as well. I just stumbled over a Red Hat guide that seems to offer at least a reasonable foundation for an implementation based on hostapd.

butjar
  • 1