There's talk of an 802.1x supplicant consortium
The Enterprise Strategy Group recently came out with a white paper proposing an open supplicant initiative. This initiative would ideally have wide industry support from commercial organizations, and be based on an Open Source supplicant.
I think it's a great idea.
Cisco has their NAC solution, and Microsoft has NAP, both of which rely on endpoint software for network integrity. As single-vendor solutions are always a concern to some people, there is now a standards body called TNC that's doing something similar.
However, the TNC body doesn't currently have an open supplicant that everyone can use. This is where an open supplicant initiative comes in. The supplicant can implement TNC, and whatever else anyone needs, in an open and standards-based approach.
This is not to say anything bad about Cisco or Microsoft. Their solutions are very interesting and useful. But some people prefer a vendor-independent, and standards-based system to a single-vendor solution.
I think it's high time for an Open Source supplicant to have signficant commercial backing. I hope this effort takes off.
January 19th, 2007 at 1:51 pm
Hello,
I have used FreeRadius with filter-ids with Cisco firewalls for vpn authentication. Do you know if it is possible to use FreeRadius with Cisco VPN 3000 series with NAC. The VPN 3000 series concentrator can enable the NAC functionality with a Cisco Radius Server. I would much rather use FreeRadius…very stable and reliable. Computers must use Cisco Trust Agent for this to work….but it is free. The radius server uses PeaP over UDP….has anyone used FreeRadius for this?
Thanks!!!
January 19th, 2007 at 11:49 pm
No one has yet implemented EAP over UDP with FreeRADIUS. I don't think it will be that hard, though.
The harder part is implementing the rest of Ciscos NAC infrastructure. They claim to be publishing the documentation for the protocols soon. After that, it will be possible for FreeRADIUS to be part of a NAC system.