I see, So Radiator supports Macsec between switches and endpoints, but not switches to other network devices, is that correct?
________________________________________ From: radiator-boun...@open.com.au [radiator-boun...@open.com.au] on behalf of Tuure Vartiainen [varti...@open.com.au] Sent: Sunday, April 17, 2016 11:47 AM To: radiator@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec Hi, > On 17 Apr 2016, at 10:21, Nadav Hod <nadav....@comm-it.co.il> wrote: > > Cisco use EAP-Fast for NDAC. The secure seeding device closest to the > authentication server (this is configurable) authenticates the neighboring > switches, which in turn authenticate their neighboring switches, and so on. > ... > > Is there any chance that Radiator supports uplink Macsec within a Cisco > infrastructure? I'm aware that they tailored their solution to Cisco ISE and > therefore this may not be a solution based on standards, but it would be > interesting to know whether this can be supported without ISE. > EAP-FAST part works with Radiator, but in Cisco TrustSec (CTS) switches derive their shared secret for a RADIUS server from a PAC file and that’s an undocumented Cisco proprietary method. (ref: http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html) BR -- Tuure Vartiainen <varti...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
