[RADIATOR] A few questions regarding MacSec

Tuure Vartiainen vartiait at open.com.au
Sun Apr 17 03:47:01 CDT 2016


Hi,

> On 17 Apr 2016, at 10:21, Nadav Hod <nadav.hod at comm-it.co.il> wrote:
> 
> Cisco use EAP-Fast for NDAC. The secure seeding device closest to the authentication server (this is configurable) authenticates the neighboring switches, which in turn authenticate their neighboring switches, and so on. ...
> 
> Is there any chance that Radiator supports uplink Macsec within a Cisco infrastructure? I'm aware that they tailored their solution to Cisco ISE and therefore this may not be a solution based on standards, but it would be interesting to know whether this can be supported without ISE.
> 

The EAP-FAST part works with Radiator, but in Cisco TrustSec (CTS), switches derive
their shared secret for a RADIUS server from a PAC file, and that’s an undocumented
Cisco proprietary method.

(ref: http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html)


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


