multiple CAs

Christian Bösch boesch at fhv.at
Mon Jun 8 14:38:51 CEST 2015


Hi,

How do I realize this scenario?
I have Cisco IP phones which do 802.1X EAP-TLS with their manufactoring installed cert.
Behind (through the internal switch in the phone) there are clients which do 802.1X PEAP.
So the phone needs to validate against the Cisco CA and the client against another CA.
Is there any fallback mechanism so that I can specify 2 CA_file lines in the eap config file?
Or is there any other approach?

Thanks,
Chris




More information about the Freeradius-Users mailing list