Re: System-Wide 802.1x configuration?

[Thomas Haller <thaller redhat com>]

Hi,

On Wed, 2021-12-29 at 14:20 +0100, Jonas Bygdén via networkmanager-list
wrote:
> Today we configure our Linux clients to use wired 802.1x on the on-
> board ethernet interface in the laptops they get.

If I understand you correctly, you pre-configure machines for others
(like students or employees).

> Some users choose to connect their laptop to a monitor using USB-C,
> and then using the ethernet interface that's built-in to the monitor.
> This changes the interface/connection and hence it doesn't have the
> pre-configured 802.1x, requiring a new configuration of 802.1x for
> that interface as well.
>
> So, my question is: Is it possible to configure 802.1x for all
> connections at once, globally "system wide", instead of on a "per
> connection" basis? Making the 802.1x configuration work regardless of
> which interface/connection is used to connect to the (wired) network?


What would mean "globally system-wide"? You need configuration for
configuring a network interface. That configuration is the connection
profile. And since there are profiles, there is no need to have a
concept for "global system-wide" configuration. Just create/predeploy
such a profile yourself.


a connection profile "matches" on a device based on certain properties.
For example, if you have an ethernet profile that does not specify
"connection.interface-name", then it would apply to any ethernet device
(unless it's restricted via some other property, like "ethernet.mac-
address", "match.*"). It would sound, that you want that your profile
is applicable to any device.

Usually, a profile can only be activated once at any given moment. You
could instead configure "connection.multi-connect=multiple", to
activate on multiple devices at the same time. However, that might not
make sense for your usecase and is probably not a good idea (because
it's confusing).



best,
Thomas