Hello everyone, I'm trying to configure MACsec (per http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.pdf ) in a test lab using cisco supplicant & switch and freeradius 2.1.12.
Cisco docs say: "The CAK is delivered in the RADIUS vendor-specific attributes (VSAs) MS-MPPE-Send-Key and MS-MPPE-Recv-Key." "...authentication server sends an EAP key identifier that is derived from the EAP exchange and is delivered to the authenticator in the EAP Key-Name attribute of the Access-Accept message." With successful EAP-TLS authentication the Access-Accept message sent from freeradius looks like this: Sending Access-Accept of id 37 to 10.20.64.9 port 1645 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "123" MS-MPPE-Recv-Key = 0x84e5c624c3bcdeadca3c6210f24bd7b8336921ccc1c58399d397afc75770332c MS-MPPE-Send-Key = 0xa6c4860cc8092c251502f5adc3ee13586e05fe84cbbb8b6793b08d9523d12b1f EAP-Message = 0x03640004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "user1" What should be configured for radius to also send EAP-Key-Name AVP? Kind regards, Matija Levec - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html