EAP-TNC
What is the expansion of EAP-TNC?
EAP-TNC stands for Extensible Authentication Protocol - Trusted Network Connect.
What is EAP-TNC?
EAP-TNC is an EAP method used for network access control that enables endpoint integrity assessment and remediation through the Trusted Network Connect architecture.
Why is EAP-TNC useful?
Ensures endpoint compliance with security policies before granting network access.
Supports health checks and remediation actions.
Enhances network security by preventing non-compliant devices from connecting.
How does it work?
Client (supplicant) sends posture information to the server during EAP exchange.
Server evaluates endpoint compliance based on policy.
Server may instruct client to remediate issues.
Upon compliance, network access is granted.
Where is EAP-TNC used?
Enterprise networks implementing Network Access Control (NAC).
Environments requiring endpoint health verification.
Integration with Trusted Network Connect frameworks.
Which OSI layer does this protocol belong to?
Application Layer (Layer 7) within the EAP framework.
Is EAP-TNC Windows-specific?
No, it is supported on multiple platforms, including Windows, via appropriate supplicants.
Is EAP-TNC Linux-specific?
No; Linux support is available but depends on the supplicant implementation.
Which transport protocol is used by EAP-TNC?
Runs over EAP, typically transported over EAPOL (Layer 2) or RADIUS (UDP).
Which port is used by EAP-TNC?
Uses the standard RADIUS port, UDP 1812, when tunneled via RADIUS.
Does EAP-TNC use a client-server model?
Yes, involving client (supplicant), authenticator, and authentication server.
Does the EAP-TNC protocol use certificates?
Certificates may be used depending on underlying authentication methods integrated with TNC.
How many frame exchanges are seen during connection for the EAP-TNC protocol?
Varies depending on posture assessment complexity; generally multiple EAP exchanges.
Does the EAP-TNC protocol use client certificates?
Optional; depends on deployment and underlying authentication method.
Does the EAP-TNC protocol use server certificates?
Optional; depends on underlying transport and authentication protocols.
Does the EAP-TNC protocol depend on TCP?
Indirectly if used with transport protocols like Diameter, but usually UDP via RADIUS.
Does the EAP-TNC protocol depend on UDP?
Yes, typically uses UDP via RADIUS.
What are the roles involved when testing the EAP-TNC protocol?
Supplicant (client)
Authenticator (network access device)
Authentication Server (RADIUS/TNC server)
Policy Server (optional)
Does the EAP-TNC protocol work with the FreeRADIUS server on Linux?
Limited support; FreeRADIUS does not fully implement EAP-TNC by default.
Does the EAP-TNC protocol work with the internal RADIUS server of hostapd?
No, hostapd’s internal RADIUS server does not support EAP-TNC.
Which RFC is used for the EAP-TNC protocol?
RFC 5793
During the connection procedure, which EAPOL packets are encrypted?
EAPOL packets during TNC are not typically encrypted; encryption depends on the underlying TLS or other transport.
Can you explain the different stages of the connection procedure for the EAP-TNC protocol?
Client initiates EAP authentication.
Server requests TNC posture information.
Client sends posture data for evaluation.
Server evaluates and may request remediation.
Upon compliance, authentication success is sent.
Network access granted.
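The stages above, as an added example that is not part of the original page: a Python decoder that labels each packet of a constructed exchange with the stage it belongs to. The EAP type number 38, the L/M/S flag bits and the 3-bit version field are assumptions taken from the TCG IF-T EAP binding as implemented in wpa_supplicant and hostapd, not from this page; the posture strings are placeholders.

```python
import struct

EAP_TYPE_TNC = 38                          # assumed: IANA EAP method type for EAP-TNC
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # assumed: Length-included, More-fragments, Start
VERSION_MASK = 0x07                        # assumed: low 3 bits of the flags byte
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eap_tnc(pkt: bytes) -> dict:
    """Decode one EAP packet and label which stage of the exchange it belongs to."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES or not 4 <= length <= len(pkt):
        raise ValueError("bad EAP code or length field")
    if code in (3, 4):                     # EAP-Success / EAP-Failure carry no type byte
        return {"code": CODES[code], "id": ident, "stage": "access decision"}
    if length < 6 or pkt[4] != EAP_TYPE_TNC:
        raise ValueError("not an EAP-TNC request/response")
    flags, body, total = pkt[5], pkt[6:length], None
    if flags & FLAG_L:                     # 4-byte total message length precedes the data
        if len(body) < 4:
            raise ValueError("L flag set but total-length field missing")
        total, body = struct.unpack("!I", body[:4])[0], body[4:]
    if flags & FLAG_S:
        stage = "server requests posture"
    elif not body:
        stage = "fragment acknowledgement"
    elif code == 2:
        stage = "client sends posture data"
    else:
        stage = "server evaluation / remediation"
    return {"code": CODES[code], "id": ident, "version": flags & VERSION_MASK,
            "more_fragments": bool(flags & FLAG_M), "total_len": total,
            "data": body, "stage": stage}

def eap(code: int, ident: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample packet; payload starts at the EAP type byte."""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

# Constructed exchange; the posture strings are placeholders, not real TNCCS batches.
SAMPLE = [
    eap(1, 1, bytes([EAP_TYPE_TNC, FLAG_S | 1])),
    eap(2, 1, bytes([EAP_TYPE_TNC, FLAG_L | 1]) + struct.pack("!I", 15) + b"<posture av=0/>"),
    eap(1, 2, bytes([EAP_TYPE_TNC, 1]) + b"<remediate av/>"),
    eap(2, 2, bytes([EAP_TYPE_TNC, 1]) + b"<posture av=1/>"),
    eap(3, 2),
]

def stages(packets):
    return [parse_eap_tnc(p)["stage"] for p in packets]
```

Calling `stages(SAMPLE)` returns one label per packet in the order the connection procedure lists them; malformed length fields raise `ValueError` instead of being silently accepted.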
What is the final output of the connection procedure?
Access decision based on endpoint compliance.
Optionally, cryptographic keys for secure communication.
What is the format of the key generated after the connection procedure?
Depends on the underlying authentication method; there is no fixed key format unique to EAP-TNC.
Where is the PMK generated by the connection procedure used?
The PMK is used in the 4-way handshake to secure wireless data if integrated with WPA/WPA2.
In this section, you are going to learn
Terminology
Version Info
RFC details
Setup
Packet details
Use cases
Features
Reference links