On 14.04.2016 00:54, Nadav Hod wrote: > 1) Is it possible to implement MacSec with compatible Cisco switches and > supplicants (such as AnyConnect) using Radiator, but without Cisco > ISE/ACS? Is any other software necessary?
MacSec from the RADIUS server perspective requires just calculating the EAP-Key-Name when EAP-Key-Name with value of 0x00 (or empty value) is received in the Access-Request. For this reason I don't think any other software is necessary on the Radiator side. > 2) Does Microsoft NPS 2008/2012 also support MacSec without an ISE/ACS > server? If not do you know why it can't authenticate a supplicant? Is > there documentation of this? That I do not know. I think the MS documentation for NPS will tell if it supports MacSec. > 3) Where can I find an example of MacSec configuration for Radiator? There's nothing to configure with Radiator. When the EAP-Key-Name is present, as described above, Radiator will calculate and reply with EAP-Key-Name in Access-Accept. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
