EAP-TNC
========

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the expansion of EAP-TNC?**

    EAP-TNC stands for Extensible Authentication Protocol - Trusted Network Connect.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is EAP-TNC?**

    EAP-TNC is an EAP method used for network access control that enables endpoint integrity assessment and remediation through the Trusted Network Connect architecture.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is EAP-TNC useful?**

    * Ensures endpoint compliance with security policies before granting network access.
    * Supports health checks and remediation actions.
    * Enhances network security by preventing non-compliant devices from connecting.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    * The client (supplicant) sends posture information to the server during the EAP exchange.
    * The server evaluates endpoint compliance based on policy.
    * The server may instruct the client to remediate issues.
    * Upon compliance, network access is granted.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is EAP-TNC used?**

    * Enterprise networks implementing Network Access Control (NAC).
    * Environments requiring endpoint health verification.
    * Integration with Trusted Network Connect frameworks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    * Application Layer (Layer 7) within the EAP framework.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-TNC Windows specific?**

    * No, it is supported on multiple platforms, including Windows via appropriate supplicants.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-TNC Linux specific?**

    * No, Linux support depends on supplicant implementations but is available.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which transport protocol is used by EAP-TNC?**

    * Runs over EAP, typically transported over EAPOL (Layer 2) or RADIUS (UDP).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which port is used by EAP-TNC?**

    * Uses the standard RADIUS port, UDP 1812, when tunneled via RADIUS.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does EAP-TNC use a client-server model?**

    * Yes, involving the client (supplicant), authenticator, and authentication server.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol use certificates?**

    * Certificates may be used depending on the underlying authentication methods integrated with TNC.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How many frame exchanges are seen during connection for the EAP-TNC protocol?**

    * Varies depending on posture assessment complexity; generally multiple EAP exchanges.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol use client certificates?**

    * Optional; depends on the deployment and underlying authentication method.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol use server certificates?**

    * Optional; depends on the underlying transport and authentication protocols.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol depend on TCP?**

    * Indirectly, if used with transport protocols like Diameter, but usually UDP via RADIUS.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol depend on UDP?**

    * Yes, it typically uses UDP via RADIUS.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are the roles involved when testing the EAP-TNC protocol?**

    * Supplicant (client)
    * Authenticator (network access device)
    * Authentication Server (RADIUS/TNC server)
    * Policy Server (optional)

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol work with the FreeRADIUS server on Linux?**

    * Limited support; FreeRADIUS does not fully implement EAP-TNC by default.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-TNC protocol work with the internal RADIUS server of hostapd?**

    * No, hostapd’s internal RADIUS server does not support EAP-TNC.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which RFC is used for the EAP-TNC protocol?**

    * RFC 5793

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **During the connection procedure, which EAPOL packets are encrypted?**

    * EAPOL packets during TNC are not typically encrypted; encryption depends on the underlying TLS or other transport.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Can you explain the different stages of the connection procedure for the EAP-TNC protocol?**

    * The client initiates EAP authentication.
    * The server requests TNC posture information.
    * The client sends posture data for evaluation.
    * The server evaluates and may request remediation.
    * Upon compliance, authentication success is sent.
    * Network access is granted.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the final output of the connection procedure?**

    * Access decision based on endpoint compliance.
    * Optionally, cryptographic keys for secure communication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the format of the key generated after the connection procedure?**

    * Depends on the underlying authentication method; there is no fixed key format unique to EAP-TNC.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is the PMK generated by the connection procedure used?**

    * The PMK is used for the 4-way handshake to secure wireless data if integrated with WPA/WPA2.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <EAP_TNC_step1>`
    * :ref:`Terminology <EAP_TNC_step2>`
    * :ref:`Version Info <EAP_TNC_step3>`
    * :ref:`EAP_TNC Version&IEEE Details <EAP_TNC_step5>`
    * :ref:`EAP_TNC Basic Setup on Ubuntu using IPv4 <EAP_TNC_step18>`
    * :ref:`EAP_TNC Basic Setup on Ubuntu using IPv6 <EAP_TNC_step19>`
    * :ref:`EAP_TNC Protocol Packet Details <EAP_TNC_step6>`
    * :ref:`EAP_TNC Usecases <EAP_TNC_step7>`
    * :ref:`EAP_TNC Basic Features <EAP_TNC_step8>`
    * :ref:`Reference links <EAP_TNC_step17>`

.. _EAP_TNC_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _EAP_TNC_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _EAP_TNC_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _EAP_TNC_step5:

.. tab-set::

    .. tab-item:: EAP_TNC Version&RFC Details

        * rfc details

.. _EAP_TNC_step18:

.. tab-set::

    .. tab-item:: EAP_TNC Basic Setup on Ubuntu using IPv4

        * setup

.. _EAP_TNC_step19:

.. tab-set::

    .. tab-item:: EAP_TNC Basic Setup on Ubuntu using IPv6

        * setup

.. _EAP_TNC_step6:

.. tab-set::

    .. tab-item:: EAP_TNC Protocol Packet Details

        * packet details

.. _EAP_TNC_step7:

.. tab-set::

    .. tab-item:: EAP_TNC Usecases

        * usecases

.. _EAP_TNC_step8:

.. tab-set::

    .. tab-item:: EAP_TNC Basic Features

        * features

.. _EAP_TNC_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links