EAP used for plain MAC authentication?
Alan DeKok
aland at deployingradius.com
Mon Jan 5 15:26:49 CET 2015
On Jan 5, 2015, at 9:23 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> It would be helpful to have a reference as to why unadorned EAP messages, without a Service-Type, are harmful. Anyone know of one?
Nope. There is a “Service-Type = IEEE-802.1X”. That should be used for 802.1X. But not many vendors use it that I’ve seen.
Perhaps a better solution would be to have a Service-Type dedicated to MAC authentication. Then it wouldn’t matter what authentication method was being used. Sadly, it’s too late for that.
Alan DeKok.
More information about the Freeradius-Users
mailing list