SecGW uses RADIUS interface between
AAA and SecGW for EAP-MD5 authentication of IPSec peer. Radius protocol is used
between AAA Server and SecGW. SecGW will act as EAP-pass-through only.
Assumptions and Limitation
The implementation will be valid only for SecGW RAS mode.
EAP payload will not be validated only header will be validated.
The prefix in Idi payload, which decides the EAP-Type to be
performed for authentication is out of scope for this feature. As there is no
prefix digit assigned to it, it will be decided by mutual agreement between
SecGW peer (like FAP) and AAA server.
Support for EAP-MD5
Use the following configuration to configure SecGW Support for
configcontext context_name wsg-service service_name associate subscriber-map subscriber_map_name end
Below are the show commands
outputs added as part of this feature SecGW Support for EAP-MD5:
show crypto stats ikev2:
Existing Show command outputs significant to EAP-MD5 feature: