Introduction
Things to mention:
802.1X is a standard that is part of 802.1, it consists in access control to a network by allowing/blocking all packets at the client's point of access into the network, including all broadcast packets, etc. ... It is possible on Wi-Fi, ethernet and other mediums.
Upon connecting a device to an ethernet port on a switch or associating to a wireless SSID, the network switch or wifi router concerned will initially not allow any data to be transmitted/received by the device. It will request the connected device to identify itself and, upon approval of the supplied credentials by an authentication server, start accepting packets from/to the newly connected device, or continue dis-allowing, in the case the authentication server did not approve the credentials.
Architecture
802.1X defines how EAP messages are transmitted over an IEEE 802 network (e.g. ethernet, wifi).
In the above example, a wifi router is providing access to the 192.168.254.0/24 network. When a device (called a supplicant) attempts to connect to the wifi network, the wireless router starts an EAP conversation with the supplicant over 802.1X, requesting it to supply credentials. The router then connects to the authentication server (which, in the example above is also part of the 192.168.254.0/24 network) and sends the EAP response it received from the supplicant over the RADIUS protocol. A well known RADIUS server software is called FreeRADIUS.
Things to mention:
What RADIUS/802.1X is able to provide and not and in which situations.
Varying implementation of features
Re-auth, accounting, request from server, features supported by TP-Link NASes
Terminology: NAS, RADIUS, FreeRADIUS, Authenticator, Supplicant, Authentication server
Diameter
Protocols used: EAP, MSCHAP, PEAP, TTLS, TLS
What EAP is
Difference between auth systems: PEAP, TTLS, TLS
Difference between 802.1X and RADIUS and FreeRADIUS
RADIUS is the protocol, it can be used for many purposes and many authentication methods can be used.
Certificates
Outer and inner identity and MAC/Windows support
Inner tunnel and outer tunnel sites
authorize, authenticate, post-auth, etc. sections
clients.conf
sites-available
mods-available
Wifi keying, session timeout, etc.
Sources
Support / Knowledge places
FreeRADIUS wiki:
FreeRADIUS mailing list:
https://wiki.freeradius.org/guide/Users-Mailing-List
http://lists.freeradius.org/mailman/listinfo/freeradius-users