Filtering RADIUS request to only allow EAP-TTLS in a proxying-only server?

[Peter Eriksson]

One thing I'd like to achive in the "EDUROAM"-responsible RADIUS
"router" (server) is to make sure that *only* EAP-TTLS requests are
forwarded to the RADIUS server doing the real user authentication.

Anyone got something already configured that I could copy?

Ie, I would like to make sure that it will reject requests that
come in from the outside with user+password stuff sent in cleartext.

(And also make sure itself won't send out such requests).

- Peter