IEEE 802.1X authentication for eLux

Certificate-based logon with 802.1X

IEEE 802.1X is an IEEE standard for port-based Network Access Control in IEEE 802 networks. It provides an authentication mechanism for client devices (supplicants) wishing to attach to a LAN or WLAN. The supplicant provides credentials such as a digital certificate to an authenticator, and the authenticator forwards the credentials to an authentication server (RADIUS) for verification. The authenticator can be an IEEE 802.1X-capable Ethernet switch or wireless access point. If the authentication server determines the credentials are valid, the supplicant is allowed to access the protected side of the network.

As a RADIUS server, you can use the Microsoft Network Policy Server (NPS) or a freeware program such as FreeRADIUS.

The supplicant is implemented as a software program. We support the free software wpa_supplicant.

The standard recommends the Extensible Authentication Protocol (EAP) or the PPP-EAP-TLS Authentication Protocol for authentication.

Note:

For certificate enrollment and management, you can use SCEP, which is supported by eLux.
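
A supplicant-side check for the certificate-based logon described above, as an added example (not Unicon or eLux code): it parses network blocks in standard wpa_supplicant.conf syntax and flags an EAP-TLS block that lacks client credentials or does not verify the RADIUS server certificate. The sample file, paths and host names are constructed, and that a device's supplicant settings are available in this file format is an assumption.

```python
import re

# Constructed sample (not an eLux file): two wired EAP-TLS network blocks.
SAMPLE_CONF = '''
network={
    key_mgmt=IEEE8021X
    eap=TLS
    identity="client01.example.test"
    ca_cert="/etc/certs/radius-ca.pem"
    client_cert="/etc/certs/client01.pem"
    private_key="/etc/certs/client01.key"
    domain_suffix_match="radius.example.test"
}
network={
    key_mgmt=IEEE8021X
    eap=TLS
    identity="client02.example.test"
    client_cert="/etc/certs/client02.pem"
    private_key="/etc/certs/client02.key"
}
'''

# wpa_supplicant options that pin the expected RADIUS server name
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit_eap_tls(fields):
    """List findings for one block that is meant to do certificate logon."""
    findings = []
    if "TLS" not in fields.get("eap", "").split():
        findings.append("eap does not include TLS")
    findings += [f"{k} missing" for k in ("identity", "client_cert", "private_key") if k not in fields]
    if "ca_cert" not in fields and "ca_path" not in fields:
        findings.append("no ca_cert/ca_path: server certificate is not verified")
    if not any(k in fields for k in SERVER_NAME_KEYS):
        findings.append("no server name match: any server cert from the CA passes")
    return findings
```

Calling `audit_eap_tls` on each dict from `parse_networks(SAMPLE_CONF)` returns an empty list for the first block and two server-validation findings for the second.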

Certificate-based logon with 802.1X and TPM 2.0

In combination with SCEP, private keys on TPM 2.0 devices can be stored in the TPM 2.0 module. To further secure authentication, starting with eLux RP 6.2021, you have the option to have cryptographic keys generated inside the TPM 2.0 chip of a device. These keys can neither be displayed nor exported.

For further information, see Certificates for SCEP in the SCEP guide.
