2 Mar
2015
2 Mar
'15
5:43 a.m.
Hi,
Do you reckon that using tunneled reply (which we obviously need to support CUI on eduroam) shouldn't break MACSEC? If so, why are is activating it in the FR default config breaking MACSEC in my lab and what might be a possible fix for this?
this sort of thing is usually because you are leaking things from the inner to the outer which clash with the NAS's idea of whats going on - eg you are leaking the User-Name from the inner to the outer...thus negating the point of an anonymous outerID - which is what CUI is actually for ;-) to confirm/verify, either dont play with/expose the inner User-Name or set the client to have the same outerid as its innerid (eg classic Windows behaviour) alan