Configuring freeradius for MACsec

Alan DeKok aland at deployingradius.com
Fri Feb 24 09:36:01 CET 2012


Alan Buxey wrote:
> Iirc, Cisco macsec/trustsec is implemented with EAP-FASTv2 . Their cute
> way of tying you into Cisco ACS 5 or ISE

  Ah.  I have some code for EAP-FAST.  I might take a look at it.  The
reason it hasn't been integrated is that the vendor who wrote it did it
as pretty much a hack.  They duplicated much of the TLS code from
EAP-TLS, instead of re-using it as with PEAP and TTLS.

  Out of general principle, that needs to be fixed before it's
integrated.  Duplicate code increases bugs and maintenance costs.

  If anyone is interested in fixing it, I can put the code on github.
It's probably not that hard to fix it, it just takes time I don't have.

  Alan DeKok.



More information about the Freeradius-Users mailing list