802.1X authentication to the network of Bonding setting in CentOS7

Network settings on a single NIC work, but ...

There was a case where I wanted the installed server network to be ** Bonging using multiple NIC ports and join the network with 802.1X authentication **. I was only able to participate in the network with a single NIC by myself, but with the cooperation of the people around me, I was able to participate with 802.1X authentication even in the case of Bonking.

Even if I searched on the net, I could not find the method of 802.1X authentication with "** Bonding setting **", so I will publish it as an article here. (Thanks to everyone who cooperated!)

Environment / things to prepare

I can't answer the device information of the server and network switch, but I hope you can think that the server is a racking type server such as Fujitsu, HP, IBM, and the network switch is done using products such as NETGEAR and Cisco. think.

NIC port to be Bonding: Wired connection with two ports on Intel 10G NIC
Certificate file: ZZZZZZ.pem(Or it may be in crt format)
Private key file: ZZZZZZ.p12

① Convert the certificate file from crt format to pem format

Initially, I received a certificate in the crt file format from the user, but I don't know the cause, but in the crt format, 802.1X authentication failed in the subsequent work. So, convert from crt to pem format with the following command.

openssl x509 -in ZZZZZZ.crt -out ZZZZZZ.pem

(2) Migrate the storage directory of the certificate file and private key file

Save ZZZZZZ.pem and ZZZZZZ.p12 in / etc / pki / CA / certs /.

③ Edit the ifcfg file

The bonding setting file is set as follows in / etc / sysconfig / network-scripts / ifcfg-bond0.

BONDING_OPTS="mode=4 miimon=100 xmit_hash_policy=layer2+3"

# 802.1X authentication settings
IEEE_8021X_CA_CERT=/etc/pki/CA/certs/ZZZZZZ.pem #Specify the path where the pem format file is saved in ②
IEEE_8021X_PRIVATE_KEY=/etc/pki/CA/certs/ZZZZZZ.p12 #Specify the path where the p12 format file is saved in (2)

④ Edit /etc/sysconfig/wpa_supplicant and /etc/wpa_supplicant/wpa_supplicant.conf

Edit the contents of /etc/wpa_supplicant/wpa_supplicant.conf as follows.

OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid -t"

Edit the contents of / etc / sysconfig / wpa_supplicant as follows.


(5) Disable the startup of NetworkManager when the server starts.

If NetworkManager is started in advance, 802.1X authentication cannot be performed, so ** disable the service **.

chkconfig NetworkManager off

⑥ Enable and start wpa_supplicant

Since wpa_supplicant must be started for 802.1X authentication, ** enable and start the service **.

chkconfig wpa_supplicant on
systemctl start wpa_supplicant

⑦ Start wpa_supplicant and check if Connection succeeds.

If you get bond0: CTRL-EVENT-CONNECTED --Connection to <MAC address> completed with the following command, 802.1X authentication is successful.

wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired -i bond0

⑧ Check if Supplicant authentication is successful on the network switch side

Recommended Posts

802.1X authentication to the network of Bonding setting in CentOS7
Procedure to change lower_case_table_names = 1 in MySQL 8.0 of CentOS 8.3
Understand the characteristics of Scala in 5 minutes (Introduction to Scala)
How to install the root certificate of Centos7 (Cybertrust)
[Android] How to get the setting language of the terminal
How to set chrony when the time shifts in CentOS7
Setting the baseURL in the axios module of Docker environment Nuxt
How to change the setting value of Springboot Hikari CP
I was addicted to the setting of laradock + VSCode + xdebug
How to derive the last day of the month in Java
[Rails] Where to be careful in the description of validation
[Introduction] Setting up GridDB Community Edition in the CentOS container of Docker Desktop for the first time
It doesn't respond to the description in .js of the packs file
How to set the IP address and host name of CentOS8
Fix the file name of war to the one set in Maven
How to get the id of PRIMAY KEY auto_incremented in MyBatis
The milliseconds to set in /lib/calendars.properties of Java jre is UTC
I want to change the value of Attribute in Selenium of Ruby
I was addicted to the API version min23 setting of registerTorchCallback
What to do if you forget the root password in CentOS7
How to get the length of an audio file in java
How to increment the value of Map in one line in Java
Access the network interface in Java
Pass the i18n locale to JavaScript
Order of processing in the program
Now, put "InfluxDB + Telegraf + Chronograf" in CentOS8 and try to control the temperature of multiple Raspberry pi4.
A fix to prevent the increase in the number of DB connections in the custom authentication provider of the Cognos SDK sample
A story that I was addicted to twice with the automatic startup setting of Tomcat 8 on CentOS 8
# 16 policy setting to build bulletin board API with authentication authorization in Rails 6
The story of forgetting to close a file in Java and failing
Procedure to make the value of the property file visible in Spring Boot
Confirmation and refactoring of the flow from request to controller in [httpclient]
How to change the maximum and maximum number of POST data in Spark
Run x11 apps in a Docker container (supports network access from the container)
How to find the total number of pages when paging in Java
How to constrain the action of the transition destination when not logged in
How to get the setting value (property value) from the database in Spring Framework
How to get the absolute path of a directory running in Java
[Rails] The cause of not being able to post was in form_with
Android development, how to check null in the value of JSON object
How to implement the email authentication function at the time of user registration
Change the save destination of the image to S3 in the Rails app. Part 2
Get the result of POST in Java
Shorten the UUID to base64 in Swift.
The secret to the success of IntelliJ IDEA
Java reference to understand in the figure
The identity of params [: id] in rails
How to determine the number of parallels
The story of AppClip support in Anyca
How to sort the List of SelectItem
How to get the date in java
Output of the book "Introduction to Java"
Japanese setting of mysql in Docker container
The story of writing Java in Emacs
[Swift] How to get the number of elements in an array (super basic)
Use hashes well in Ruby to calculate the total amount of an order
graphql-ruby: How to get the name of query or mutation in controller Note
If you want to satisfy the test coverage of private methods in JUnit
How to get the ID of a user authenticated with Firebase in Swift
How to check the latest version of io.spring.platform to describe in pom.xml of Spring (STS)
Summarize the life cycle of Java objects to be aware of in Android development