0

I have an Ethernet link between two Linux hosts with a static IP config using systemd-networkd on both sides, without a router, DHCP server, etc.

Is there a simple way to add basic 802.1X security with only a shared passphrase (without a certificate mechanism, with a tool like wpa_supplicant)?

Thanks, Emeric

rvs
  • 4,225

1 Answer

2

802.1X is used for port-level authentication. A supplicant (client) authenticates against an authenticator (switch) that uses a back-end authentication server over RADIUS.

Setting up a Linux server as both authenticator and authentication server might be possible, but you cannot use 802.1X for mutual authentication.

Depending on what you're actually trying to accomplish, 802.1X might not be useful anyway:

  • there's no encryption
  • without further mechanisms, it's rather easy to run a MitM attack

If you want encryption, there's MACsec (likely not practical either) or various flavors of VPN (IPsec, SSL, SSH, ...).

You should also consider hardening the service(s) you're using, so you can run them without further ado over a plain cable, zero-trust style.

Zac67
  • 13,684
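The MACsec option named in the answer can be keyed from a pre-shared secret with wpa_supplicant's MKA support (MKA is the key agreement protocol defined in IEEE 802.1X-2010). The following is an added example, not part of the answer above: the interface name `eth0`, the file path, and both key values are assumptions or constructed samples, and it requires a wpa_supplicant build with MACsec support and the `macsec_linux` driver.

```conf
# /etc/wpa_supplicant/macsec-psk.conf  (path is an assumption)
# Use the same file on both hosts, changing only mka_priority.
# Start with (eth0 is an assumed interface name):
#   wpa_supplicant -i eth0 -D macsec_linux -c /etc/wpa_supplicant/macsec-psk.conf

eapol_version=3      # MKA needs EAPOL version 3
ap_scan=0            # wired link, nothing to scan
fast_reauth=1

network={
    key_mgmt=NONE    # no EAP exchange, no certificates, no RADIUS
    eapol_flags=0
    macsec_policy=1  # enable MACsec, keys distributed by the MKA key server

    # Reject out-of-order frames (window of 0 = strict replay protection).
    macsec_replay_protect=1
    macsec_replay_window=0

    # Pre-shared Connectivity Association Key (128-bit, hex) and its name.
    # CONSTRUCTED SAMPLE VALUES: generate your own, e.g.
    #   openssl rand -hex 16   (CAK)
    #   openssl rand -hex 32   (CKN)
    # and keep this file readable by root only.
    mka_cak=00112233445566778899AABBCCDDEEFF
    mka_ckn=000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F

    # The peer with the numerically lower priority becomes key server.
    # Use e.g. 16 on one host and 32 on the other.
    mka_priority=16
}
```

Once both sides are running, the static addresses belong on the MACsec interface that wpa_supplicant creates on top of `eth0` (typically `macsec0`), not on `eth0` itself. Anything still addressed directly on `eth0` continues to cross the cable unprotected.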