No subject

Eric Nguyen ericvunguyen at
Sat Aug 6 00:05:36 UTC 2022

Does Freeradius 3.2.0 fully support MACSEC/dot1x?  The only information
I've found is that the following snippet in sites-available/default needs
to be uncommented.  Are there any additional RADIUS AV pairs I need to
configure to make it work with Macsec/dot1x on Cisco devices?

#  MacSEC requires the use of EAP-Key-Name.  However, we don't
#  want to send it for all EAP sessions.  Therefore, the EAP
#  modules put required data into the EAP-Session-Id attribute.
#  This attribute is never put into a request or reply packet.
#  Uncomment the next few lines to copy the required data into
#  the EAP-Key-Name attribute
if (&reply:EAP-Session-Id) {
update reply {
EAP-Key-Name := &reply:EAP-Session-Id

Thanks a lot.

More information about the Freeradius-Users mailing list