Configuring freeradius for MACsec
Alan DeKok
aland at deployingradius.com
Fri Feb 24 08:38:32 CET 2012
Matija Levec wrote:
> What should be configured for radius to also send EAP-Key-Name AVP?
Nothing.
RFC 4072 says:
The EAP-Key-Name AVP (Radius Attribute Type 102) is of type
OctetString. It contains an opaque key identifier (name) generated
by the EAP method. Exactly how this name is used depends on the link
layer in question, and is beyond the scope of this document (see
[EAPKey] for more discussion).
Note that not all link layers use this name, and currently most EAP
methods do not generate it.
TTLS doesn't generate it. My guess is that Cisco has invented
something themselves which defines EAP-Key-Name. Find out what that is,
and we can implement it in FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list