How can I quickly set up a lab with 802.1x wired authentication? (without a switch)

Question

I want to experiment with 802.1x wired authentication and I don't have a switch with such capability. How can I quickly set up a lab for that purpose? (e.g. take a Linux machine and make it act like a switch with 802.1x wired authentication)

Answer 1

Answering my own question, for my future self (and others). I was able to get this quickly done as follows:

1. Install Ubuntu on a laptop. We will use the ethernet NIC as the "internal network" and the wireless NIC as the "external network".
2. Setup Ubuntu as a router that simply forwards traffic from the ethernet NIC to the wireless NIC. There are many guides in the Ubuntu community that help with setting up Ubuntu as a router.
3. Install freeradius and test it (it's useful to run freeradius in debug mode to watch the logs). This guide can help: http://wiki.freeradius.org/guide/Basic-configuration-HOWTO
4. Install hostapd and configure it for wired 802.1x authentication using the freeradius server (it's useful to run hostapd in debug mode to watch the logs). A sample hostapd.conf file for wired configuration is here (just change the shared secret to the one you configured in freeradius): https://android.googlesource.com/platform/external/wpa_supplicant_8/+/brillo-m9-dev/hostapd/wired.conf
5. Use another machine (e.g. a Win7 laptop) to test the setup - connect it to the ethernet port of the Ubuntu machine. In Win7, you need to start the "Wired AutoConfig" service and then configure the ethernet network adapter (in the "Authentication" tab) as needed.

That's it! you now have a very simple 802.1x wired authentication lab setup, without any real routers.