EAP used for plain MAC authentication?

Alan DeKok aland at deployingradius.com
Mon Jan 5 15:26:49 CET 2015

On Jan 5, 2015, at 9:23 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> It would be helpful to have a reference as to why unadorned EAP messages, without a Service-Type, are harmful. Anyone know of one?

  Nope.  There is a “Service-Type = IEEE-802.1X”.  That should be used for 802.1X.  But not many vendors use it that I’ve seen.

  Perhaps a better solution would be to have a Service-Type dedicated to MAC authentication.  Then it wouldn’t matter what authentication method was being used.  Sadly, it’s too late for that.

  Alan DeKok.

More information about the Freeradius-Users mailing list