CollabOS Admin Guide

2.3 Configure 802.1x

802.1X is an authentication protocol that eliminates the reliance on a single network password, which can be easily stolen. 802.1X allows unique credentials or certificates to be used per user.

Protocols supported:In Initial Setup (Wired only)Using Local Network AccessUsing a CollabOS DeviceIn Wired SettingsUsing Local Network AccessUsing a CollabOS DeviceIn Wireless SettingsUsing Local Network AccessUsing a CollabOS DeviceList of supported ciphers

802.1X authenticates the client to the network using an authentication server called RADIUS. A RADIUS server checks the userā€™s credentials to see if Ā the user is an active member of the organization and, depending on the network policies, grants different users varying levels of access.

Note: 802.1r is not supported on CollabOS hardware. Setting 'Fast Roaming' to Adaptive will not work with Logitech CollabOS devices. 'Fast Roaming' set to Enabled or Disabled will work with Logitech CollabOS devices.

This feature is used while configuring the network during or after device setup for wired and wireless connections. Certificates can be transferred via Local Network Access and Sync.

Protocols supported:

  • 802.1X wired network

    • EAP Protocol: PEAP

      • Phase 2: MSCHAPv2 or GTC

    • EAP Protocol: TLS (1.2 or 1.3)

      • 802.1X compatible certificate

  • WPA enterprise wireless networks

    • EAP Protocol: PEAP

      • Phase 2: MSCHAPv2 or GTC

    • EAP Protocol: TLS (1.2 or 1.3)

      • 802.1X compatible certificate

Note: Wireless connection will not work if the device already has an active wired connection.

Notes:

  • CollabOS supports multiple certificates, including support for intermediate certificates.

  • CollabOS devices auto-trust the server certificate (root CA certificate), so you should examine the certificate to ensure that it is appropriate for your network.

  • If establishing the 802.1X authentication in Local Network Access is unsuccessful, the CollabOS device will not reset to native network settings. The network connection for the CollabOS device needs to be established onsite.

  • If the 802.1X authentication is established after the proxy settings are applied in settings, proxy settings get reset and need to be applied again.

  • Only TLS 1.2 and 1.3 are currently supported.

In Initial Setup (Wired only)

Using Local Network Access

  1. Initiate the device setup using Local Network Access.

  2. Under wired connection, set up TCP/IP details and proxy details.

  3. Configure EAP protocol to set up 802.1X wired network connection.

Ā 

  1. Choose either PEAP or TLS as EAP protocol.

  2. For PEAP protocol:

  • Choose ā€˜none,ā€™ ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

  • Provide identity and password.

  1. For TLS protocol:

  • Provide identity (if required) and upload 802.1X certificate.

  • If the certificate requires a password, add the password.

  • CollabOS devices support .p12 and .pfx certificate formats.

Ā 

  1. Complete the rest of the device setup using Local Network Access.

  2. The device is now configured to work with the 802.1X network.

Using a CollabOS Device

  1. Initiate the device setup in your CollabOS device (Rally Bar, Rally Bar Mini, RoomMate, Tap IP, or Tap Scheduler).

  2. Under wired connection, set up TCP/IP details and proxy details.

  3. Configure Network Security to set up 802.1X wired network connection.

  4. Choose either PEAP or TLS as protocol.

  5. For PEAP protocol:

    • Choose ā€˜none,ā€™ ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

    • Provide identity and password.

Ā 

  1. For TLS protocol:

  • Provide identity (if required).

  • Upload 802.1X certificate via LNA.

  • If the certificate requires a password, add the password in LNA.

  • CollabOS devices support .p12 and .pfx certificate formats.

  1. Complete the rest of the device setup using Local Network Access.

  2. The device is now configured to work with the 802.1X network.

In Wired Settings

Using Local Network Access

  1. Login to Local Network Access.

  2. Select the connectivity section.

  3. Under wired connection, set up TCP/IP details and proxy details.

  4. Configure EAP protocol to set up 802.1X wired network connection.

Ā 

  1. Choose either PEAP or TLS as EAP protocol.

  2. For PEAP protocol:

  • Choose ā€˜none,ā€™ ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

  • Provide identity and password.

  1. For TLS protocol:

  • Provide identity (if required) and upload 802.1X certificate.

  • If the certificate requires a password, add the password.

  • CollabOS devices support .p12 and .pfx certificate formats.

Ā 

  1. The device is now configured to work with the 802.1X network.

  1. For further changes, login to Local Network Access using the new IP address.

Using a CollabOS Device

  1. Go to Logitech settings.

  2. Tap on the connectivity section.

  3. Scroll down and select ā€˜Reset network settings.ā€™

  1. Under wired connection, set up TCP/IP details and proxy details.

  2. Configure Network Security to set up 802.1X wired network connection.

  3. Choose either PEAP or TLS as protocol.

  4. For PEAP protocol:

  • Choose ā€˜none,, ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

  • Provide identity and password.

  1. For TLS protocol:

  • Provide identity (if required).

  • Upload 802.1X certificate via LNA.

  • If the certificate requires a password, add the password in LNA.

  • CollabOS devices support .p12 and .pfx certificate formats.

  1. The device is now configured to work with the 802.1X network.

In Wireless Settings

Using Local Network Access

  1. Login to Local Network Access.

  2. Select the connectivity section.

  3. Under wireless connection, select Wi-Fi name.

  4. Configure EAP protocol to set up 802.1X wireless network connection.

  5. Choose either PEAP or TLS as EAP protocol.

  6. For TLS protocol:

  • Select uploading 802.1X certificate under wireless connection.

  • If the certificate requires a password, add the password.

  • Select Wi-Fi name and provide identity (if required).

  • CollabOS devices support .p12 and .pfx certificate formats.

  1. For PEAP protocol:

  • Choose ā€˜none,ā€™ ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

  • Provide identity and password.

  1. The device is now configured to work with the 802.1X network.

  2. For further changes, login to Local Network Access using the new IP address.

Using a CollabOS Device

  1. Go to Logitech settings.

  2. Tap on the connectivity section.

  3. Scroll down in wireless connection and select ā€˜Reset network settings.ā€™

  1. Under wireless connection, select Wi-Fi name.

  2. Configure Network Security to set up 802.1X wireless network connection.

  3. Choose either PEAP or TLS as protocol.

  4. For PEAP protocol:

  • Choose ā€˜none,, ā€˜MSCHAPv2,ā€™ or ā€˜GTCā€™ as phase 2 protocols.

  • Provide identity and password.

  1. For TLS protocol:

  • Select ā€˜Configure using Local Network Accessā€™.

  • Login to Local Network Access.

  1. Once uploaded, disconnect your laptop as prompted on the screen.

  2. The device is now configured to work with the 802.1X network.


List of supported ciphers

  • Preferred: 128-bit TLS_AES_128_GCM_SHA256 (Curve 25519 DHE 253)

  • Accepted: 256-bit TLS_AES_256_GCM_SHA384 (Curve 25519 DHE 253)

  • Accepted: 256-bit TLS_CHACHA20_POLY1305_SHA256 (Curve 25519 DHE 253)

  • Preferred: 128-bit ECDHE-RSA-AES128-GCM-SHA256 (Curve 25519 DHE 253)

  • Accepted: 256-bit ECDHE-RSA-AES256-GCM-SHA384 (Curve 25519 DHE 253)

  • Accepted: 256-bit ECDHE-RSA-CHACHA20-POLY1305 (Curve 25519 DHE 253)

  • Accepted: 128-bit ECDHE-RSA-AES128-SHA (Curve 25519 DHE 253)

  • Accepted: 256-bit ECDHE-RSA-AES256-SHA (Curve 25519 DHE 253)

  • Accepted: 128-bit AES128-GCM-SHA256

  • Accepted: 256-bit AES256-GCM-SHA384

  • Accepted: 128-bit AES128-SHA

  • Accepted: 256-bit AES256-SHA

AI assisted translation
Menu