Statistics on EAP methods widely used
Phil Mayers
p.mayers at imperial.ac.uk
Tue Nov 20 19:19:36 CET 2012
On 20/11/12 17:50, Panagiotis Georgopoulos wrote:
>> 91 0d
>> 501 03
>> 4848 15
>> 7540 01
>> 35801 19
>>
>> So, about 75% PEAP, 10% TTLS, 15% identity packets, less than 0.2% TLS.
>
> Thanks a lot for this specific results. Essentially you are proving my point :-)
>
> At first you said that 99.9% is PEAP and practise says that 75% is PEAP (even in just 4
> hours). Essentially this is what I am after, to see whether what I am reading online is
> also what happens in practice (in terms of deployment and usage) (and then search why).
Sorry, but you're misunderstanding the stats, or reading too much into them.
These are EAP types from EAP *packets*, not sessions. And, as I said, it
excludes our *own* users (i.e. it's just visitors) which removed several
hundred thousand PEAP packets from the count.
EAP-Identity doesn't count as an auth type; there is one EAP packet for
every session, at the start.
If you exclude the Identity packets (type 1) and NAK packets (type 3)
you have:
91 0d
4848 15
35801 19
This is 87% PEAP. However, this is still *packets*. It takes no account
of sessions, of the client re-auth times, TLS session resumption, and so
forth, and is still just for visitors.
I'm afraid I don't have time to do more detailed processing. But really,
you would want to "unique" any stats by client (Calling-Station-Id) and
EAP-type, and measure "EAP type client days" or something.
More information about the Freeradius-Users
mailing list