MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5
Krause, Kilian
krause at tik.uni-stuttgart.de
Tue Mar 3 15:14:12 CET 2015
Hi Phil,
> On 03/03/15 13:19, Krause, Kilian wrote:
>
> > [peap] Session established. Decoding tunneled attributes.
> > [peap] Peap state WAITING FOR SOH RESPONSE
> > [peap] EAP type 254
> > [peap] SoH - extended eap vendor 00000000 is not Microsoft
>
> As far as I can tell, this is illegal PEAP tunnel content, per the
> MS-PEAP spec (which I followed when I implemented the SoH stuff)
Thanks for the quick answer. That's what I sort of expected already.
> If you think this is causing the problem - and I'm by no means convinced
> - then your client isn't following the only documented, up-to-date PEAP
> spec, and you'll need to disable SoH.
I'll go and ask Cisco what they think. In the meantime I've got a workaround (disabled SoH) for now that I can live with. ;-)
Cheers,
Kilian
More information about the Freeradius-Users
mailing list