MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5
A.L.M.Buxey at lboro.ac.uk
Thu Feb 26 11:35:43 CET 2015
Hi,
> we're currently trying to get MACSEC (802.1ae) configured on a Cisco WS-C3750X-48P running IP base 15.0(2)SE7 on customer facing ports.
>
> For authentication we've got a Radiator 4.14 as RADIUS proxy configured on the switch and forward all (in this case only EAP) requests onto a FreeRADIUS 2.2.5+dfsg-0.1~bpo70+1 (Debian wheezy backports). The authenticating client is a Win7 (x86_64) running AnyConnect 3.1.06079.
>
> As per http://lists.freeradius.org/pipermail/freeradius-users/2013-February/065041.html MACSEC should be working ok (since around 2.2.1 or 2.2.2) when uncommenting the relevant part in sites-enabled/default (which we've done).
1) full debug log is very useful
2) what happens when you send the request directly to FR?
> Since all of the relevant howtos I could find on the 'net either cover only the switch config alone or a combination of switch and Cisco ISE I'd like to raise the question whether anyone around here has gotten a similar setup up and running already.
Ensure you send back the right VSAs on Access-Accept - see the Cisco ISE docs - Cisco sometimes also documents other RADIUS platforms... but rarely.
And check to see what they are saying to configure the ISE with.
alan