[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alternatives for carrying eap lower layer information
There are multiple problems being discussed here:
a. Ability to differentiate tunneled EAP methods (PEAP, EAP-IKEv2, etc.) from non-tunneled EAP methods.
b. Ability to differentiate EAP lower layers from one another (EAP-IKEv2).
In terms of problem a), the EAP peer and server know what EAP method is being negotiated (and whether it is tunneled), but the NAS is presumed to be a pass-through. Therefore, I am not clear how the NAS would obtain information on the EAP method to put into an attribute, unless it gets this from the RADIUS server.
In terms of problem b), it seems that the problem arises in part from the allocation of a single NAS-Port-Type (Virtual) to all tunnels. In contrast, in RFC 2868 the combination of Tunnel-Type and Tunnel-Medium-Type attributes enables description of virtually any tunnel type over any medium. I'd suggest that this approach is more sound than trying to allocate a NAS-Port-Type value for every conceivable combination.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>