MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5

Alan DeKok aland at
Fri Feb 27 13:23:07 CET 2015

On Feb 27, 2015, at 3:43 AM, Krause, Kilian <krause at> wrote:
> If there would have been anything above that would have looked like an error, I'd surely have copied it here.

  i.e. you’re asking for help, but you’re an expert, and know which things are important and which aren’t.

  Uh… no.

  If you’re asking for help, then you shouldn’t argue with the experts.  It’s conceited.

  If you’re an expert, you should be able to solve the problem yourself.

>>  Hmmm… editing the server configuration will make the client magically
>> start sending correct EAP packets?
> As you may see here, I'm not yet fully understanding which part of the state machine between server and client is stopping where. It may or may not be the FR or the client or the EAP. I just don't know yet. And exactly that is what I'm trying to find out first.

  You really think that the *default configuration* of FreeRADIUS is to break EAP?  And that editing the mschap configuration will un-break it?

  What a bizarre idea.

  For the record, the client is broken.  It’s garbage.  It doesn’t implement EAP properly.  A small amount of critical thinking would get you there.

> Above you say that the problem isn't with Macsec. And trying without works just fine. The switchport and the vlan are working flawlessly.

  Did you try with *EAP*?  I presume not, otherwise you’d get the “malformed EAP message” again.

> See and explain it to me then.

  <sigh>  Zip files are annoying.  It means you’re forcing people to go through an extra step.  There’s nothing like making it as hard as possible for people to help you.

  And when I look at the logs, I see that you’ve gone out of your way to butcher them.  Why?  You’ve removed the exact information I need to help you.

  Since you think you’re a genius, you can fix the problem yourself.  I can’t help people who don’t want to be helped.

  Go away.  Don’t come back. 

  Alan DeKok.

