On 16.04.2016 00:27, Nadav Hod wrote: > Does Radiator support Macsec for switch-host and switch-switch links? > The two connection types are quite different. There is a great > explanation of how Macsec works and what information is exchanged > here: > > https://clnv.s3.amazonaws.com/2015/usa/pdf/BRKCRS-2892.pdf > > As you can see, there is more than just the Eap-key-name avpair being > returned and calculated. However that's what Radiator documentation > specified as supported.
If you are thinking about the CAK (Connectivity Association Key), it will be returned with MS-MPPE-Send-Key and MS-MPPE-Recv-Key quite similar to what TLS based EAP methods too. This is how Radiator already works: you will have EAP-Key-Name and the MS-MPPE-* attributes in Access-Accept. The doc you referred to seems to say CAK is returned, but not how. See for example Cisco's MacSec deplyment guide and section '2.2.2 IEEE 802.1X and Master Key Distribution' http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/deploy_guide_c17-663760.pdf Thanks, Heikki -- Heikki Vatiainen h...@open.com.au _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator