Configuring freeradius for MACsec

Alan DeKok aland at deployingradius.com
Fri Feb 24 08:38:32 CET 2012


Matija Levec wrote:
> What should be configured for radius to also send EAP-Key-Name AVP?

  Nothing.

  RFC 4072 says:

   The EAP-Key-Name AVP (Radius Attribute Type 102) is of type
   OctetString.  It contains an opaque key identifier (name) generated
   by the EAP method.  Exactly how this name is used depends on the link
   layer in question, and is beyond the scope of this document (see
   [EAPKey] for more discussion).

   Note that not all link layers use this name, and currently most EAP
   methods do not generate it.

  TTLS doesn't generate it.  My guess is that Cisco has invented
something themselves which defines EAP-Key-Name.  Find out what that is,
and we can implement it in FreeRADIUS.

  Alan DeKok.



More information about the Freeradius-Users mailing list