[RADIATOR] PEAP from Radiator via Juniper switches

[Alan Buxey]

config?

alan




-------- Original message --------
From: Garry Shtern <Garry.Shtern at twosigma.com>
Date: 26/07/2013 22:40 (GMT+00:00)
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: [RADIATOR] PEAP from Radiator via Juniper switches


All,

I ran into an interesting issue.  I am trying to do PEAP/MSCHAPv2 via Juniper EX switch to Radiator.  I am seeing the Access-Request come in, and Radiator responds with Access-Challenge which is dropped by the EX.  However, I have the same switch pointing to Microsoft NPS and everything works flawlessly.

Looking over packet captures and debugs on the Radiator I noticed the following difference in responses:

-          NPS returns “Authenticator” and following AVPs:

o   Session-Timeout

o    EAP-Message w/ EAP Request 1, Id 1, Type 25 (PEAP), Start Flag and PEAP version 0

o   State

o   Messages-Authenticator

-          Radiator returns “Authenticator” and none of the AVPs.

I am suspecting that Juniper EX has an issue with this and that’s why it’s dropping the frames, while Cisco IOS switch is absolutely fine and forwards the traffic back to the client w/o much of a consideration.

Is there any easy way to force Radiator to add the same attributes to the Challenge as NPS?

Thanks.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130727/e2a63287/attachment.html