[RADIATOR] A few questions regarding MacSec

Nadav Hod nadav.hod at comm-it.co.il
Mon Apr 18 08:27:22 CDT 2016


I see,

So Radiator supports Macsec between switches and endpoints, but not switches to other network devices, is that correct?

________________________________________
From: radiator-bounces at open.com.au [radiator-bounces at open.com.au] on behalf of Tuure Vartiainen [vartiait at open.com.au]
Sent: Sunday, April 17, 2016 11:47 AM
To: radiator at open.com.au
Subject: Re: [RADIATOR] A few questions regarding MacSec

Hi,

> On 17 Apr 2016, at 10:21, Nadav Hod <nadav.hod at comm-it.co.il> wrote:
>
> Cisco use EAP-Fast for NDAC. The secure seeding device closest to the authentication server (this is configurable) authenticates the neighboring switches, which in turn authenticate their neighboring switches, and so on. ...
>
> Is there any chance that Radiator supports uplink Macsec within a Cisco infrastructure? I'm aware that they tailored their solution to Cisco ISE and therefore this may not be a solution based on standards, but it would be interesting to know whether this can be supported without ISE.
>

EAP-FAST part works with Radiator, but in Cisco TrustSec (CTS) switches derive
their shared secret for a RADIUS server from a PAC file and that’s an undocumented
Cisco proprietary method.

(ref: http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html)


BR
--
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator


More information about the radiator mailing list