| RE: Issue 204: Peer-to-peer operation | <– Date –> <– Thread –> |
From: Joseph Salowey (jsalowey cisco.com)
|
|
| Date: Wed, 26 Nov 2003 11:14:29 -0600 (CST) | |
> -----Original Message----- > From: Bernard Aboba [mailto:aboba [at] internaut.com] > Sent: Wednesday, November 26, 2003 9:13 AM > To: Joseph Salowey > Cc: 'Jari Arkko'; 'Nick Petroni'; eap [at] frascone.com > Subject: RE: [eap] Issue 204: Peer-to-peer operation > > > > > Yes, I think that may be required. > > > > [Joe] If these attributes are not present do you deny > access or is this > > a local policy decision on the NAS? Shouldn't this be > centralized with > > the rest of the access policy in AAA? > > I think this is more about whether it is necessary to rerun > EAP in the other direction. The authenticator will still > provide access either way. > [Joe] OK, sorry to be playing catch up, so the possibility is that the Peer has not had its policy satisfied so it will not open its port, but the authenticator may not have any way to know this since it may have considered its policy complete. It would seem that in this case the peer would then want to reverse roles and authenticate the previous authenticator. Can't this be signaled in 802.1x?
- Re: Issue 204: Peer-to-peer operation, (continued)
- Re: Issue 204: Peer-to-peer operation Jari Arkko, November 26 2003
- Re: Issue 204: Peer-to-peer operation Bernard Aboba, November 26 2003
- RE: Issue 204: Peer-to-peer operation Joseph Salowey, November 26 2003
- RE: Issue 204: Peer-to-peer operation Bernard Aboba, November 26 2003
- RE: Issue 204: Peer-to-peer operation Joseph Salowey, November 26 2003
- RE: Issue 204: Peer-to-peer operation Bernard Aboba, November 26 2003
- RE: Issue 204: Peer-to-peer operation Joseph Salowey, November 26 2003
- RE: Issue 204: Peer-to-peer operation Bernard Aboba, November 26 2003
Results generated by Tiger Technologies using MHonArc.