ACL question regarding RADIUS traffic

Started by DL-KK, June 06, 2024, 09:53:30 AM

Hi
I have an 802.1x setup, and to get 802.1x (Wi-Fi) working through an OPNsense FW, I have done the following steps:

Normalization:
disable scrub/normalization for interfaces touching the traffic

Rules:
create a rule allowing port UDP/1812 to NPS server
create a rule allowing port UDP/1813 to NPS server
create a rule allowing any UDP to NPS server (it is this rule I will like to tighten up)

The reason for the last rule is that if I don't have it, I can't get the fragmented UDP packets through the FW, and then the RADIUS validation fails.

Background info:
We are using certificates for 802.1x, which is why the packets are so large and need to be fragmented.


Is there a way to allow the fragmented UDP packets without allowing all UDP traffic to the server?
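The following is an added illustration, not part of the post and not OPNsense code: it shows why a rule that matches on UDP port 1812/1813 can only pass the first fragment of a large EAP-TLS RADIUS datagram (later fragments carry no UDP header at all), and why the same narrow rule covers the whole datagram once fragments are reassembled before filtering, which is what pf's "scrub ... fragment reassemble" normalization does. The fragmentation model is simplified (no IP header, zero UDP checksum) and the sample payload is constructed.

```python
import struct

# Ports the post allows explicitly: RADIUS authentication and accounting.
RADIUS_PORTS = {1812, 1813}


def build_fragments(payload: bytes, src_port: int, dst_port: int, chunk: int = 16):
    """Constructed sample: split one UDP datagram into IPv4-style fragments.

    Returns a list of (fragment_offset_in_8_byte_units, more_fragments, data).
    `chunk` must be a multiple of 8 because IP fragment offsets count 8-byte units.
    """
    assert chunk % 8 == 0
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    frags = []
    for off in range(0, len(udp), chunk):
        data = udp[off:off + chunk]
        more = off + chunk < len(udp)
        frags.append((off // 8, more, data))
    return frags


def port_rule_matches(frag_offset: int, data: bytes) -> bool:
    """Per-packet rule 'pass UDP to NPS port 1812/1813', evaluated without reassembly.

    Only the first fragment (offset 0) carries the UDP header; every later
    fragment has no port field, so a port-specific rule cannot match it and a
    default-deny policy drops it. That is why the post needed an 'any UDP' rule.
    """
    if frag_offset != 0:
        return False
    dst_port = struct.unpack("!H", data[2:4])[0]
    return dst_port in RADIUS_PORTS


def per_fragment_verdicts(frags):
    """Verdict of the narrow port rule for each fragment seen in isolation."""
    return [port_rule_matches(off, data) for off, _more, data in frags]


def reassemble_then_filter(frags) -> bool:
    """Reassemble the datagram first, then apply the port rule once to the whole.

    This is what a firewall sees when fragment reassembly is left enabled: the
    port rule then decides for all fragments and no 'any UDP' rule is needed.
    """
    ordered = sorted(frags, key=lambda f: f[0])
    if ordered[-1][1]:  # last piece still flags "more fragments": incomplete
        return False
    datagram = b"".join(data for _off, _more, data in ordered)
    return port_rule_matches(0, datagram)
```

Running `per_fragment_verdicts` on a 48-byte datagram split into three fragments gives `[True, False, False]`, while `reassemble_then_filter` on the same fragments gives `True`.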