802.1x wired authentication



Hello,

I am currently considering deploying NetworkManager on my 802.1x authenticated wired network. I seem to be hitting a few roadblocks, and I'd prefer some feedback.

My network is configured to place the client on a different VLAN depending on authentication. So if authentication succeeds, you end up on the auth VLAN, it fails, you end up on the un-auth VLAN. This works great if I use two separate Connections in NetworkManager, however I want to avoid this and just use 1 Connection.

When I attempt to use 1 connection, NM detects that wpa_supplicant failed to authorize the interface, and instead of running DHCP client anyway (which would get it an IP on the un-auth'd VLAN) NM just decides to disable the interface.

I've attached a log of this. Note that in this instance I've broken the authentication on purpose to see what would happen. So instead of disabling the interface, I want NM to try to DHCP anyway. The evening spent looking at the code seems to imply this is not possible (I am on Networkmanager on Ubuntu Precise network-manager-0.9.4.0-0ubuntu4.2.)

I'm curious if you would take a patch for this behavior?

If not, I could use the 2 different connections (which work fairly well for the majority of my use cases.) However there are some minor issues with that set up that I need to address. One is how to switch between the connections. If I presume I have 2 connections (A for Auth and U for UnAuth) how do I get NM to always try A first? My understanding is that NM will try the 'last successful' connection first. Is there any sort of API to specify priorities, such that when the interface is toggled, A will always be tried before U?

Another problem is lets presume that authentication failed and my host utilizing the U connection. Will NM ever retry using the A connection (since again, it is 'preferred'?)

Attachment: log
Description: Binary data



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]