[Networkmanager] Howto add 802-1x settings for all new ethernet connections

Till Maas till at redhat.com
Mon Feb 13 09:21:10 UTC 2023 

Am Mo., 13. Feb. 2023 um 08:44 Uhr schrieb Andrei Borzenkov <
arvidjaar at gmail.com>:

> On Mon, Feb 13, 2023 at 10:20 AM Till Maas <till at redhat.com> wrote:
> >
> >
> >
> > Am So., 12. Feb. 2023 um 21:20 Uhr schrieb Thomas Haller <
> thaller at redhat.com>:
> >>
> >> Hi,
> >>
> >>
> >> On Sun, 2023-02-12 at 11:00 +0100, John Doe wrote:
> >> > We're currently looking into requiring 802-1x for all wired ethernet
> >> > connections.
> >> > We have a large number of Linux clients. Mostly slim laptops that
> >> > don't have an ethernet adapter. These connect to the wired network
> >> > using docking stations or usb to ethernet adapters. All Linux clients
> >> > are deployed using PXE boot to deploy the company image.
> >> > Problem is during the deploy process there's of course only the
> >> > adapter used for the deploy availbale on the client. I can get the
> >> > 802-1x settings added for this adapter as part of the deploy.
> >> > But then I'm out of control. I can't control NetworkManager to setup
> >> > 802-1x for the connection created by NetworkManager when the user
> >> > connects to a docking station. Yes, unfortunately it creates a new
> >> > wired connection.
> >>
> >> you can disable that with "[main].no-auto-default=*" in
> >> NetworkManager.conf. Of course, the the user plugs in a new ethernet
> >> device and NetworkManager isn't doing anything automatically. Whether
> >> that is more desirable is unclear.
> >
> >
> > It seems to me that having NM ship a default profile with
> "connection.multi-connect=multiple" that contains the settings that the
> automatically created profile simplifies the configuration and makes the
> behavior accessible via the API and reduces the need to configure this with
> the NetworkManager-config-server subpackage. What would be the downside of
> removing the auto-default behavior?
> >
>
> I am not aware of the possibility to match only wired interfaces (or
> for that matter any other kind of interfaces) in connection profiles.
> Auto-default is only done for wired interfaces. If I am wrong and such
> a possibility exists, it would certainly be preferable to any hard
> coded behavior.
>

Currently, the matching is based on the type, so I guess the default
profile would be an ethernet type. It would be better IMHO to have this
also as part of the match setting, so a generic profile (which need to
become usable again), can match a wired interface.

Cheers
Till





-- 
Till Maas
He/His/Him
Manager, Software Engineering
Network Management Team - NetworkManager, Nmstate, Ansible RHEL Networking
System Role

Red Hat GmbH, https://www.redhat.com/de/global/dach, Registered seat:
Werner von Siemens Ring 12, 85630 Grasbrunn, Germany
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/networkmanager/attachments/20230213/4644a500/attachment.htm>

More information about the Networkmanager mailing list