Re: System-Wide 802.1x configuration?



Yes, you understand correctly, I (and my team) provision and pre-configure machines for employees.

What I mean by “globally system-wide” is I want to configure 802.1x and have it work regardless of which ethernet interface in the machine is used. I’d rather not have to have multiple configurations for multiple interfaces.

From what I understand from your reply this should be possible.

This sounds like exactly what I’d like to do:

"For example, if you have an ethernet profile that does not specify
"connection.interface-name", then it would apply to any ethernet device
(unless it's restricted via some other property, like
"ethernet.mac-address", "match.*"). It would sound, that you want that
your profile is applicable to any device."

Now I just have to figure out how to do it.

Thanks Thomas!

On 2 Jan 2022, at 10:02, Thomas Haller <thaller redhat com> wrote:

Hi,

On Wed, 2021-12-29 at 14:20 +0100, Jonas Bygdén via networkmanager-list
wrote:
Today we configure our Linux clients to use wired 802.1x on the on-
board ethernet interface in the laptops they get.

If I understand you correctly, you pre-configure machines for others
(like students or employees).


Some users choose to connect their laptop to a monitor using USB-C,
and then using the ethernet interface that's built-in to the monitor.
This changes the interface/connection and hence it doesn't have the
pre-configured 802.1x, requiring a new configuration of 802.1x for
that interface as well.

So, my question is: Is it possible to configure 802.1x for all
connections at once, globally "system wide", instead of on a "per
connection" basis? Making the 802.1x configuration work regardless of
which interface/connection is used to connect to the (wired) network?


What would mean "globally system-wide"? You need configuration for
configuring a network interface. That configuration is the connection
profile. And since there are profiles, there is no need to have a
concept for "global system-wide" configuration. Just create/predeploy
such a profile yourself.


A connection profile "matches" on a device based on certain properties.
For example, if you have an ethernet profile that does not specify
"connection.interface-name", then it would apply to any ethernet device
(unless it's restricted via some other property, like
"ethernet.mac-address", "match.*"). It would sound, that you want that
your profile is applicable to any device.

Usually, a profile can only be activated once at any given moment. You
could instead configure "connection.multi-connect=multiple", to
activate on multiple devices at the same time. However, that might not
make sense for your use case and is probably not a good idea (because
it's confusing).



best,
Thomas
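
An added example, not from either poster or from the NetworkManager project: a keyfile profile for wired 802.1X that sets no "connection.interface-name", plus a check that lists any property that would pin a profile to one device. The EAP method (PEAP/MSCHAPv2), identity, CA path, profile name and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: generate a device-agnostic wired 802.1X keyfile and lint it.

# Write the profile to $1 with mode 0600 (subshell keeps the umask local).
write_profile() (
  umask 077
  cat > "$1" <<'EOF'
[connection]
id=corp-wired-8021x
type=ethernet
# No interface-name here, so the profile can match any ethernet device.
autoconnect=true

[802-1x]
# Assumed values: replace with your site's EAP method, identity and CA.
eap=peap;
phase2-auth=mschapv2
identity=EXAMPLE_USER
ca-cert=/etc/pki/EXAMPLE-corp-ca.pem
# 1 = agent-owned: the password comes from the user's secret agent.
password-flags=1
EOF
)

# Print every property in keyfile $1 that restricts the profile to specific
# devices; exit status is 1 if any was found, 0 if the profile is unpinned.
device_restrictions() {
  awk -F= '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
    { key = $1; gsub(/[ \t]/, "", key) }
    sec == "connection" && key == "interface-name" {
      print "connection.interface-name"; bad = 1 }
    (sec == "ethernet" || sec == "802-3-ethernet") && key == "mac-address" {
      print "ethernet.mac-address"; bad = 1 }
    sec == "match" { print "match." key; bad = 1 }
    END { exit (bad + 0) }
  ' "$1"
}

# Demo on a temporary directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
write_profile "$demo_dir/corp-wired-8021x.nmconnection"
if device_restrictions "$demo_dir/corp-wired-8021x.nmconnection"; then
  echo "profile is not pinned to a device"
fi
```

To deploy, the file goes in /etc/NetworkManager/system-connections/ owned by root with mode 0600, followed by `nmcli connection reload`.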


