Configuring freeradius for MACsec
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 24 10:58:30 CET 2012
On 02/24/2012 07:38 AM, Alan DeKok wrote:
> TTLS doesn't generate it. My guess is that Cisco has invented
> something themselves which defines EAP-Key-Name. Find out what that is,
> and we can implement it in FreeRADIUS.
FWIW, a bit more digging shows section 1.4.1 of RFC 5247 is relevant,
saying that:
EAP-Key-Name = <eap type> || <eap session id>
...and appendix A lists Peer-Id, Server-Id and Session-Id values for
existing methods. Sadly, since neither PEAP nor TTLS were ever
standardised, it skips those :o(
RFC 5216 suggests that EAP-TLS, and possibly all TLS-based methods in
the absence of an alternative, might define EAP-Key-Name as:
<eap type> || 0x0d || <tls client random> || <tls server random>
But it's all very unclear, and I'm struggling to see what the point is;
what is all this crud for?
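The RFC 5216 construction mentioned in the message above, as an added example that is not part of the original post or of FreeRADIUS: it pulls the client and server randoms out of the TLS hello messages and builds the EAP-TLS Session-Id as RFC 5216 section 2.3 writes it (0x0D || client.random || server.random). The function names and the sample hello bytes are constructed for illustration.

```python
# Added example: EAP-TLS Session-Id per RFC 5216 section 2.3.
EAP_TYPE_TLS = 0x0D          # EAP-TLS type code (13)
HS_CLIENT_HELLO = 1          # TLS handshake message types
HS_SERVER_HELLO = 2


def hello_random(handshake: bytes, expected_type: int) -> bytes:
    """Return the 32-byte random from a ClientHello or ServerHello message."""
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    body_len = int.from_bytes(handshake[1:4], "big")
    if handshake[0] != expected_type:
        raise ValueError(f"unexpected handshake type {handshake[0]}")
    body = handshake[4:4 + body_len]
    # Hello body starts with version (2 bytes) followed by random (32 bytes).
    if len(body) != body_len or body_len < 34:
        raise ValueError("truncated hello body")
    return body[2:34]


def eap_tls_session_id(client_hello: bytes, server_hello: bytes) -> bytes:
    """Session-Id = 0x0D || client.random || server.random (65 bytes)."""
    return (bytes([EAP_TYPE_TLS])
            + hello_random(client_hello, HS_CLIENT_HELLO)
            + hello_random(server_hello, HS_SERVER_HELLO))


def make_hello(msg_type: int, random: bytes) -> bytes:
    """Constructed, minimal hello: version, random, empty session id only."""
    body = b"\x03\x01" + random + b"\x00"
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed sample randoms, not captured from a real handshake.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    sid = eap_tls_session_id(make_hello(HS_CLIENT_HELLO, CLIENT_RANDOM),
                             make_hello(HS_SERVER_HELLO, SERVER_RANDOM))
    print(len(sid), sid.hex())
```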