MACSEC on Cisco 3750-X and FreeRADIUS 2.2.5

Phil Mayers p.mayers at
Tue Mar 3 16:33:13 CET 2015

On 03/03/15 14:21, A.L.M.Buxey at wrote:
> Hi,
>> [peap] Session established.  Decoding tunneled attributes.
>> [peap] Peap state WAITING FOR SOH RESPONSE
>> [peap] EAP type 254
>> [peap] SoH - extended eap vendor 00000000 is not Microsoft
> o, SoH sends SoH to the client... but the client doesnt like it - EAP type 254 - expanded NAK -
> looks like the SoH takes this response as an actual answer ?

Well, it expects a response or a plain NAK there because that's what 
MS-PEAP says are the only valid replies, once you pick apart the state 

It's probably a good idea to be looser and accept the expanded NAK too, 
on the FR side; no real harm to it.

I didn't code that bit up very defensively :o(

More information about the Freeradius-Users mailing list