Configuring freeradius for MACsec

desweil desweil at
Thu May 3 10:48:45 CEST 2012

I have successfully tested MACsec with the Cisco ACS and EAP-FAST as the
EAP method. The EAP-Key-Name sent by the ACS is constructed like this:

RFC 4851, section 3.5: EAP-FAST Session Identifier
The EAP session identifier is constructed using the random values
provided by the peer and server during the TLS tunnel establishment.
The Session-Id is defined as follows:

Session-Id  = 0x2B || client_random || server_random
client_random = 32 byte nonce generated by the peer
server_random = 32 byte nonce generated by the server

Quoted from the Cisco MACsec Deployment Guide:
The switch has no visibility into the details of the EAP session between the
supplicant and the authentication server, so it cannot derive the MSK or the
CAK directly. Instead, the switch receives the CAK from the authentication
server in the Access-Accept message at the end of the IEEE 802.1X
authentication. The CAK is delivered in the RADIUS vendor-specific
attributes (VSAs) MS-MPPE-Send-Key and MS-MPPE-Recv-Key. Along with the CAK,
the authentication server sends an EAP key identifier that is derived from
the EAP exchange and is delivered to the authenticator in the EAP Key-Name
attribute of the Access-Accept message.

Note: MACsec is similar to IEEE 802.11i.
If you are familiar with the wireless encryption mechanisms defined in IEEE
802.11i, you will notice similarities with MACsec. In IEEE 802.11i, the MSK
derived from EAP is used to generate a pairwise master key (PMK) on the
supplicant and the authentication server. The authentication server
transmits the PMK to the authenticator through the Microsoft Point-to-Point
Encryption (MPPE) VSAs. Thus, the PMK is the wireless analogue of the CAK.
However, the use of the EAP Key-Name value is unique to MACsec.

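Added example (not part of the original post or of FreeRADIUS): building the Session-Id that goes into EAP-Key-Name from the TLS randoms as RFC 4851 describes, and checking a received value against the randoms the authenticator's own view of the handshake would give. It goes slightly beyond the post by also handling EAP-TLS, whose Session-Id has the same layout with method type 0x0D (RFC 5216); the nonces are constructed sample values, not from a real session.

```python
"""Construct and check the EAP Session-Id carried in the EAP-Key-Name attribute.

EAP-FAST (RFC 4851, 3.5): Session-Id = 0x2B || client_random || server_random
EAP-TLS  (RFC 5216, 5.0): Session-Id = 0x0D || client.random || server.random
The leading byte is the EAP method type: 0x2B = 43 (EAP-FAST), 0x0D = 13 (EAP-TLS).
"""

EAP_TYPE_TLS = 0x0D
EAP_TYPE_FAST = 0x2B
RANDOM_LEN = 32
SESSION_ID_LEN = 1 + 2 * RANDOM_LEN          # 65 bytes
KNOWN_TYPES = {EAP_TYPE_TLS: "EAP-TLS", EAP_TYPE_FAST: "EAP-FAST"}


def build_session_id(eap_type: int, client_random: bytes, server_random: bytes) -> bytes:
    """Return type || client_random || server_random, validating the inputs first."""
    if eap_type not in KNOWN_TYPES:
        raise ValueError(f"unsupported EAP method type 0x{eap_type:02x}")
    if len(client_random) != RANDOM_LEN or len(server_random) != RANDOM_LEN:
        raise ValueError("TLS randoms must be 32 bytes each")
    return bytes([eap_type]) + client_random + server_random


def parse_session_id(session_id: bytes) -> dict:
    """Split an EAP-Key-Name value into method and randoms; raises on malformed input."""
    if len(session_id) != SESSION_ID_LEN:
        raise ValueError(f"expected {SESSION_ID_LEN} bytes, got {len(session_id)}")
    eap_type = session_id[0]
    if eap_type not in KNOWN_TYPES:
        raise ValueError(f"unknown EAP method type 0x{eap_type:02x}")
    return {
        "method": KNOWN_TYPES[eap_type],
        "client_random": session_id[1:1 + RANDOM_LEN],
        "server_random": session_id[1 + RANDOM_LEN:],
    }


def key_name_matches(session_id: bytes, client_random: bytes, server_random: bytes) -> bool:
    """True if a received EAP-Key-Name is well formed and carries the expected randoms."""
    try:
        parts = parse_session_id(session_id)
    except ValueError:
        return False
    return parts["client_random"] == client_random and parts["server_random"] == server_random


# Constructed sample nonces (deterministic, not from a real TLS handshake).
SAMPLE_CLIENT_RANDOM = bytes(range(0x00, 0x20))
SAMPLE_SERVER_RANDOM = bytes(range(0x20, 0x40))

if __name__ == "__main__":
    sid = build_session_id(EAP_TYPE_FAST, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    print(f"EAP-Key-Name ({len(sid)} bytes): {sid.hex()}")
    print(parse_session_id(sid)["method"])
```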