Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 29 subscribers
  • Views 2838 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

802.1x Authentication/wpa_supplicant for XG

Jay Jay

Environment: Home use

My fiber ISP uses 802.1x for authentication.  On utm I can achieve this through the use of wpa_supplicant.  XG does not appear to contain any package manager to install additional modules.

What means are there to install this to the system?  If no means, what is the underlying OS?  Perhaps something can be compiled instead?



This thread was automatically locked due to age.
  • 0

    Hi  

    As per my understanding, you want to configure the WAN interface which has Fiber connectivity from ISP and also using 802.1X method to authenticate to use the ISP link. please share more details, it would help us to assist you better. ^KG

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0 in reply to Keyur

    Keyur, you are correct in your interpretation.

    The 802.1x authentication consists of the wpa_supplicant binary and a configuration file referencing several necessary certificates.  Those certs are available and present.  I just need some means of getting wpa_supplicant (compiled with support for 802.1x auth) onto the system.

    In the case of UTM, someone else with better know how did the compiling and provided me with a .rpm package to install.

  • 0 in reply to Jay Jay

    Hi  

    I will confirm this with my team and will inform you further.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0

    Yes...something that is easier to do on UTM because you have a little more access to the kernel.  I think Sophos would have to supply the 802.1x authentication, which, actually, is already contained in the software, I believe, at the wireless authentication level.

    They would have to supply this at the interface level, but they also would have to allow VLAN id 0.

    Eric

  • 0 in reply to Eric Kasper

    This is most likely the case.

     

    FWIW, I understand why the OP is looking for this ability...

    <RANT>

    The nonsensical requirement to use AT&T's poorly engineered CPE devices to "authenticate" to their Uverse / Fiber network is one of the reasons I got rid of them.  I'll never understand their desire to hamper what would otherwise be a very good service with this.  I do know of people using their gear in Passthru / DMZ mode and things generally work, but sometimes that can get testy after a ATT CPE gear firmware upgrade.  Way to make something simple, complicated, ATT!

    </RANT>

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to Eric Kasper

    @Eric, I'm not sure how important that vlan0 tagging is.  At present, UTM is under esxi with the wan interface in pass through mode.  That is utm has full/direct access to the wan nic.  I didn't have to do anything related to vlan 0 tagging to get wpa_supplicant to authenticate or pass regular traffic.

     

    @Bruce,yes you are correct.  Att still living in the dark ages.  Maybe the gateway was needed with dsl/vdsl, but with fiber it's just another tracking device from what someone who's decompiled the firmware has found out.

  • 0 in reply to Keyur

    Hi  

    Thank you for your time and patience and I have checked that requested feature and XG does not support as of now, I would request you to submit your feature request to ideas.sophos.com.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?