Hi, We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. Below is what is expected as per RFC4072
RFC4072 says "A home Diameter server receiving a Diameter-EAP-Request with a Key-Name AVP with non-empty data MUST silently discard the AVP. In addition, the home Diameter server SHOULD include this AVP in Diameter-EAP-Response only if an empty EAP-Key-Name AVP was present in Diameter-EAP-Request." But radius server is not sending EAP-Key-Name AVP (Radius Attribute Type 102) even invalid AVP present in the Diameter-EAP-Request". Below is the debug print of radius Sending Access-Accept of id 647 to 10.20.64.9 port 1645 MS-MPPE-Recv-Key = 0x84e5c624c3bcdeadca3c6210f24bd7b8336921ccc1c58399d397afc75770332c MS-MPPE-Send-Key = 0xa6c4860cc8092c251502f5adc3ee13586e05fe84cbbb8b6793b08d9523d12b1f EAP-Message = 0x03060004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "user1" Does anyone have clue on this. Thanks, Srinivas CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html