[RADIATOR] A few questions regarding MacSec
Heikki Vatiainen
hvn at open.com.au
Thu Apr 14 01:52:02 CDT 2016
On 14.04.2016 00:54, Nadav Hod wrote:
> 1) Is it possible to implement MacSec with compatible Cisco switches and
> supplicants (such as AnyConnect) using Radiator, but without Cisco
> ISE/ACS? Is any other software necessary?
MacSec from the RADIUS server perspective requires just calculating the
EAP-Key-Name when EAP-Key-Name with value of 0x00 (or empty value) is
received in the Access-Request.
For this reason I don't think any other software is necessary on the
Radiator side.
> 2) Does Microsoft NPS 2008/2012 also support MacSec without an ISE/ACS
> server? If not do you know why it can't authenticate a supplicant? Is
> there documentation of this?
That I do not know. I think the MS documentation for NPS will tell if it
supports MacSec.
> 3) Where can I find an example of MacSec configuration for Radiator?
There's nothing to configure with Radiator. When the EAP-Key-Name is
present, as described above, Radiator will calculate and reply with
EAP-Key-Name in Access-Accept.
Thanks,
Heikki
--
Heikki Vatiainen
hvn at open.com.au
More information about the radiator
mailing list