802.1x - Wired & Wireless

Nile's Campus Zero Trust approach to network security is essential in today's high risk environment. Nile's support for industry-standard 802.1X authentication enables you to enforce consistent access controls and policies across your wired and wireless campus networks, ensuring only authorized devices and users can connect.

By integrating with your existing RADIUS infrastructure, such as Windows NPS, Aruba ClearPass, Cisco ISE etc. to authenticate clients The Nile Access Service ensures only authorized devices and users can access network resources. In the Campus Zero Trust architecture, devices are denied access by default, and can only access resources through one of the supported authentication methods, including 802.1x. This streamlines the onboarding process and ensures a seamless user experience, all while maintaining a strong security posture.

The Nile Access Service supports several RADIUS-powered authentication methods to provide secure network access for a variety of devices and use cases. These authentication options include:

In this section we will cover 802.1X Authentication

To set up 802.1X authentication on your campus zero trust network with Nile, follow these steps:

In the Nile Portal, navigate to the "Network Setup>Authentication" tab and click "Add".







Redundancy: If multiple RADIUS servers are configured (Host 1, Host 2, Host 3), the Nile Access Service will follow a primary-secondary-tertiary failover model.

Proactive Monitoring: The Nile Access Service proactively monitors all configured RADIUS servers every minute, reporting on latency and the up/down status of each server.

This monitoring can be based on accounting transactions or MSCHAP-PEAPv2 username and password verification provided by the administrator.

Nile understands that not every device on your network will support 802.1X. For these non-802.1X-capable clients, Nile offers MAC Authentication Bypass; learn more.

In some use cases, a single SSID can be mapped to multiple segments in the Nile Access Service. In such scenarios, it is mandatory for the RADIUS server to send back the exact segment name that the user or device should be assigned to. The Nile Access Service supports dynamic segment assignment based on user and device attributes received from external RADIUS servers, such as Cisco Identity Services Engine (ISE) and Aruba ClearPass. To facilitate this, Nile provides a custom dictionary file that can be uploaded to the RADIUS servers or standard RADIUS attributes can be used

When a user or device authenticates to the Nile Access Service using 802.1X, the RADIUS server can send the "netseg" Vendor Specific Attribute (VSA) during the authentication process. This attribute informs the Nile Access Service which network segment the user or device should be assigned to.



Following is the 802.1x flow:

The segment assignement can be achieved in two ways:

If the segment name sent by the RADIUS server is null or does not match the configured segments in Nile, the device will fail authentication with the appropriate error message.

By leveraging dynamic segment assignment with the Nile-provided dictionary file, organizations can achieve a higher level of granular access control, ensuring that users and devices are consistently placed in the correct network segments based on their identity, device type, and location. This enhances the overall security of the campus zero trust network by reducing the risk of unauthorized access and lateral movement.

Nile's cloud-managed architecture provides a simple path for 802.1X deployment. This includes the ability to:

By leveraging Nile's 802.1X capabilities, you can establish a robust, campus zero trust network that securely connects all devices and users, regardless of their location or device type.

Contact us today to learn more about how Nile can help secure your campus environment.

Single Sign-On (SSO)