Thanks for the quick reply Heikki. Does Radiator support Macsec for switch-host and switch-switch links? The two connection types are quite different. There is a great explanation of how Macsec works and what information is exchanged here:
https://clnv.s3.amazonaws.com/2015/usa/pdf/BRKCRS-2892.pdf As you can see, there is more than just the Eap-key-name avpair being returned and calculated. However that's what Radiator documentation specified as supported. ________________________________________ From: radiator-boun...@open.com.au [radiator-boun...@open.com.au] on behalf of Heikki Vatiainen [h...@open.com.au] Sent: Thursday, April 14, 2016 9:52 AM To: radiator@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec On 14.04.2016 00:54, Nadav Hod wrote: > 1) Is it possible to implement MacSec with compatible Cisco switches and > supplicants (such as AnyConnect) using Radiator, but without Cisco > ISE/ACS? Is any other software necessary? MacSec from the RADIUS server perspective requires just calculating the EAP-Key-Name when EAP-Key-Name with value of 0x00 (or empty value) is received in the Access-Request. For this reason I don't think any other software is necessary on the Radiator side. > 2) Does Microsoft NPS 2008/2012 also support MacSec without an ISE/ACS > server? If not do you know why it can't authenticate a supplicant? Is > there documentation of this? That I do not know. I think the MS documentation for NPS will tell if it supports MacSec. > 3) Where can I find an example of MacSec configuration for Radiator? There's nothing to configure with Radiator. When the EAP-Key-Name is present, as described above, Radiator will calculate and reply with EAP-Key-Name in Access-Accept. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
