Configuring freeradius for MACsec
Matija Levec
Matija.Levec at astec.si
Fri Feb 24 09:16:40 CET 2012
>>> On 24.2.2012 at 8:38, in message <4F473E78.2070807 at deployingradius.com>, Alan
DeKok <aland at deployingradius.com> wrote:
> Matija Levec wrote:
>> What should be configured for radius to also send EAP-Key-Name AVP?
>
> Nothing.
>
> RFC 4072 says:
>
> The EAP-Key-Name AVP (Radius Attribute Type 102) is of type
> OctetString. It contains an opaque key identifier (name) generated
> by the EAP method. Exactly how this name is used depends on the link
> layer in question, and is beyond the scope of this document (see
> [EAPKey] for more discussion).
>
> Note that not all link layers use this name, and currently most EAP
> methods do not generate it.
>
> TTLS doesn't generate it. My guess is that Cisco has invented
> something themselves which defines EAP-Key-Name. Find out what that is,
> and we can implement it in FreeRADIUS.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
That is very likely the case. :(
I'll try to get ACS 5.x and get any useful info out of it - not being very optimistic though.
I'd like to thank everyone for their comments.
Kind regards,
Matija Levec
More information about the Freeradius-Users
mailing list