Hello, We have tested 802.1X with eap/ttls/mschapv2 using freeradius. Every things works fine with Cisco, but, when we tested the solution with extreme networks products (Alpine3804 and summit48si) the solution did not work as expected. Apparently, the problem is a different RFC interpretation. The EAP implemented in freeradius make a unnecessary check in handle->identity variable. So we build a path for freeradius (only taking off some lines;-). Please , consider that change to next version. Joao Marcelo Ceron Leandro Bertholdo +++ eap.patch.c Sun Jun 25 21:04:58 2006 @@ -1046,13 +1046,18 @@ * request as the NAS is doing something * funny. */ - if (strncmp(handler->identity, vp->strvalue, - MAX_STRING_LEN) != 0) { - radlog(L_ERR, "rlm_eap: Identity does not match User-Name. Authentication failed."); - free(*eap_packet_p); - *eap_packet_p = NULL; - return NULL; - } + + // Commented here <Leandro Bertholdo/Joao Marcelo Ceron> + + // Changed by <Leandro Bertholdo/Joao Marcelo Ceron> + /* if (strncmp(handler->identity, vp->strvalue, + * MAX_STRING_LEN) != 0) { + * radlog(L_ERR, "rlm_eap: Identity does not match User-Name. Authentication failed."); + * free(*eap_packet_p); + * *eap_packet_p = NULL; + * return NULL; + *} + */ } } else { /* packet was EAP identity */ handler = eap_handler_alloc(); @@ -1101,14 +1106,17 @@ * identity, the NAS is doing something * funny, so reject the request. */ - if (strncmp(handler->identity, vp->strvalue, - MAX_STRING_LEN) != 0) { - radlog(L_ERR, "rlm_eap: Identity does not match User-Name, setting from EAP Identity."); - free(*eap_packet_p); - *eap_packet_p = NULL; - eap_handler_free(handler); - return NULL; - } + + // Changed by <Leandro Bertholdo/Joao Marcelo Ceron> + /* if (strncmp(handler->identity, vp->strvalue, + * MAX_STRING_LEN) != 0) { + * radlog(L_ERR, "rlm_eap: Identity does not match User-Name, setting from EAP Identity."); + * free(*eap_packet_p); + * *eap_packet_p = NULL; + * eap_handler_free(handler);