wpa_supplicant Configuration
Working Configuration (modestus-p50)
This configuration is verified working on the home lab as of 2026-01-19.
Host: modestus-p50 (Arch Linux)
Interface: enp0s31f6 (Intel I219-LM)
MAC: C8:5B:76:C6:59:62
ISE Result: Authorized, VLAN 40, IP 10.50.40.100
Configuration File
/etc/wpa_supplicant/wpa_supplicant-wired-enp0s31f6.conf
# EAP-TLS configuration for wired 802.1X
# Verified working: 2026-01-19
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=2
ap_scan=0
fast_reauth=1
network={
key_mgmt=IEEE8021X
eap=TLS
identity="modestus-p50.inside.domusdigitalis.dev"
ca_cert="/etc/ssl/certs/HOME-ROOT-CA.pem"
client_cert="/etc/ssl/certs/modestus-p50-eaptls.pem"
private_key="/etc/ssl/private/modestus-p50-eaptls.key"
eapol_flags=0
}Generic Template
For other workstations, use this template:
/etc/wpa_supplicant/wpa_supplicant-wired-<interface>.conf
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=2
ap_scan=0
fast_reauth=1
network={
key_mgmt=IEEE8021X
eap=TLS
identity="<hostname>.inside.domusdigitalis.dev"
ca_cert="/etc/ssl/certs/HOME-ROOT-CA.pem"
client_cert="/etc/ssl/certs/<hostname>-eaptls.pem"
private_key="/etc/ssl/private/<hostname>-eaptls.key"
eapol_flags=0
}Configuration Parameters
| Parameter | Description |
|---|---|
ctrl_interface |
Path for wpa_cli control socket |
eapol_version |
EAPOL version (2 for modern switches) |
ap_scan |
0 for wired networks |
identity |
Certificate subject or UPN |
ca_cert |
Root CA certificate path |
client_cert |
Client certificate path |
private_key |
Private key path |
private_key_passwd |
Private key password |