EAP used for plain MAC authentication?

Nick Lowe nick.lowe at gmail.com
Mon Jan 5 14:56:09 CET 2015


On Mon, Jan 5, 2015 at 1:31 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

On 05/01/15 13:23, Nick Lowe wrote:
>
>  I pointed out to Aerohive that they were missing the Service-Type AVP on
>> all but 802.1X authentication. It got fixed in a subsequent software
>> release.
>>
>
> That's a welcome change from the norm then


It is probably atypical but it does mean that not all vendors are the same.
I have had similar issues with HP in the past and got nowhere at all.

I think it's worth trying though, and being persistent.

Aerohive have actually been really responsive to the issues that I have
raised:

I also historically had problems where:


   - The User-Name AVP would get truncated to 31 characters.
   - A malformed Called-Station-ID attribute was sent after boot with an
   empty SSID component until the AP had fully initialized.
   - Acct-Multi-Session-Id AVP not sent in an ASCII/UTF-8 encoded value.

These were fixed in a special build they got to me in a under a week, then
rolled in to the next general release.

They also added the Acct-Session-Id to the Accounting-On packet they were
sending after I pointed out that this strictly broke the spec.

In their upcoming 6.4r1 software release they should be fixing other things
I've reported:

   - Framed-IP-Address accuracy/spoofing issue where an AP would use ARP
   and not DHCP snooped information only to populate the value.
   - Framed-IP-Address issue where an async Interim-Update would not be
   sent when DHCP snooped information became available, only picked up on the
   next regular accounting interval.
   - Event-Timestamp missing from Accounting-On and Start.

Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150105/9b39581c/attachment.html>


More information about the Freeradius-Users mailing list