dot1x, MAB and EAP-TLS/PEAP with Freeradius

Vieri Di Paola vieridipaola at
Fri Sep 9 22:48:39 UTC 2022

On Thu, Sep 8, 2022 at 3:15 PM Matthew Newton <mcn at> wrote:
> You can enable "with_cisco_vsa_hack" in the preprocess module and add a
> new local attribute "method" in /etc/raddb/dictionary. Then the
> preprocess module will convert the fake Cisco AVpair attribute into a
> real one. Makes things easier.

Thanks for that.

> Other usual checks for MAB are that there is no EAP-Message attribute,
> User-Name and User-Password are identical, and both are a MAC address
> format.

Thanks for pointing that out.

It seems to be working fine now in my scenario.

Thanks to all,


More information about the Freeradius-Users mailing list