I am experimenting 802.1X in my home lab. I have most stuff working but one problem I have is with virtual machines not being able to authentication onto the network using 802.1X. There is very little information online about it but from the odd bits it seems like its possible.
I am using Proxmox as my hypervisor, which is Debian under the hood. I have managed to configure Proxmox to authentication itself with 802.1X using wpa supplicant. Its just the VMs which cant. The following link explains why the VMs cant and gives a solution to making it work by setting the forward mask:
https://interestingtraffic.nl/2017/11/21/an-oddly-specific-post-about-group_fwd_mask/
I have set the forward mask but its still not working for some reason. Hoping someone has either done this before or someone knows Linux bridging well enough to help me.
My current config:
# The loopback interface:
auto lo
iface lo inet loopback
# The first network interface:
auto eno1
iface eno1 inet manual
# The bridge:
auto vmbr0 # Auto start the bridge at boot
# Use this section for a static IP:
#iface vmbr0 inet static
# address 172.20.0.60/22
# gateway 172.20.0.1
# bridge_ports eno1
# bridge_stp off
# bridge_fd 0
# Use this section for DHCP:
iface vmbr0 inet dhcp
bridge_ports eno1 # Which ethernet port(s) to use for the bridge. Space separated list.
bridge_stp off # Spanning tree
bridge_fd 0 # Forwarding delay
post-up echo 8 > /sys/class/net/vmbr0/bridge/group_fwd_mask
# 802.1X settings:
wpa-iface eno1
wpa-bridge vmbr0
wpa-driver wired
wpa-conf /etc/wpa_supplicant.conf
# The second network interface:
iface eno2 inet manual
I have also posted on the Proxmox forum but really I think the question is more general Linux bridge stuff rather than being specific to Proxmox.
Any help would be greatly appreciated.
