MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5
Phil Mayers
p.mayers at imperial.ac.uk
Tue Mar 3 16:33:13 CET 2015
On 03/03/15 14:21, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> [peap] Session established. Decoding tunneled attributes.
>> [peap] Peap state WAITING FOR SOH RESPONSE
>> [peap] EAP type 254
>> [peap] SoH - extended eap vendor 00000000 is not Microsoft
>
> o, SoH sends SoH to the client... but the client doesnt like it - EAP type 254 - expanded NAK -
> looks like the SoH takes this response as an actual answer ?
Well, it expects a response or a plain NAK there because that's what
MS-PEAP says are the only valid replies, once you pick apart the state
machine.
It's probably a good idea to be looser and accept the expanded NAK too,
on the FR side; no real harm to it.
I didn't code that bit up very defensively :o(
More information about the Freeradius-Users
mailing list