MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5

Krause, Kilian krause at tik.uni-stuttgart.de
Tue Mar 3 15:14:12 CET 2015


Hi Phil,

> On 03/03/15 13:19, Krause, Kilian wrote:
> 
> > [peap] Session established.  Decoding tunneled attributes.
> > [peap] Peap state WAITING FOR SOH RESPONSE
> > [peap] EAP type 254
> > [peap] SoH - extended eap vendor 00000000 is not Microsoft
> 
> As far as I can tell, this is illegal PEAP tunnel content, per the
> MS-PEAP spec (which I followed when I implemented the SoH stuff)

Thanks for the quick answer. That's what I sort of expected already.

 
> If you think this is causing the problem - and I'm by no means convinced
> - then your client isn't following the only documented, up-to-date PEAP
> spec, and you'll need to disable SoH.

I'll go and ask Cisco what they think. In the meantime I've got a workaround (disabled SoH) for now that I can live with. ;-)

Cheers,
Kilian




More information about the Freeradius-Users mailing list