Hi,
we're currently trying to get MACSEC (802.1ae) configured on a Cisco WS-C3750X-48P running IP base 15.0(2)SE7 on customer facing ports.
For authentication we've got a radiator 4.14 as radius proxy configured on the switch and forward all (in this case only EAP) requests onto a FreeRADIUS 2.2.5+dfsg-0.1~bpo70+1 (Debian wheezy backports). The authenticating client is a Win7 (x86_64) running AnyConnect 3.1.06079.
As per http://lists.freeradius.org/pipermail/freeradius-users/2013-February/065041.... MACSEC should be working ok (since around 2.2.1 or 2.2.2) when uncommenting the relevant part in sites-enabled/default (which we've done).
1) full debug log is very useful 2) what happens when you send the request directly to FR?
Since all of the relevant howtos I could find on the 'net either cover only the switch config alone or a combination of switch and Cisco ISE I'd like to raise the question whether anyone around here has gotten a similar setup up and running already.
ensure you send back the right VSAs on Access-Accept - see the Cisco ISE docs - cisco sometimes also document other RADIUS platforms...but rarely.. and check to see what they are saying to configure the ISE with alan