Integration with CISCO Router for PEAP requests

Andras Ionut ionut.andras at gmail.com
Thu Aug 30 16:11:10 CEST 2012


Hi Phil,

Thanks a lot for the quick response.

I need this for PEAP with EAP protocol inside the tunnel, like EAP-MSCHAPv2.

Again, The device MUST reject the connection as EAP is not completed,
but the ROUTER needs that Access-Accept,
in order to be able to redirect user to portal.

Can this be done?

Thanks in advance.

Andras



On 30/08/12 11:12, Andras Ionut wrote:
> Thanks a lot for the quick answer Arran.
>
> That is exactly wahat I need - sending an Access-Accept and maybe
> EAP-Success if possible. I don't care if the device will not connect.
> I only need Access-Accept in order for the CISCO router to assign an
> IP to the client and redirect it to portal using L4_Redirect.

You're not understanding what Arran said.

This is an FAQ:

http://wiki.freeradius.org/FAQ#How-do-I-permit-access-to-any-user-regardless-of-password%3F

In short: many (most?) devices will drop the connection if auth fails,
including a missing or invalid final response in the inner
challenge-response auth.

So, forcing an accept might work for the router. But the client will
probably disconnect.

>
> Can this be done? If yes, can you please be more explicit on how to do
> this in freeradius?

See the FAQ entry above.


More information about the Freeradius-Users mailing list