
Good RFC 3576 info for WiSM?

b.julin
Level 3

Does anyone have a good link to info on what does and does not work for RFC3576 on WLCs?

What all is supported? Packet of Disconnect, yes, I know, but can a Change of Authorization (CoA) packet be used to switch VLANs? And if so, are commodity supplicants smart enough to re-initiate DHCP (we run DHCP-required)?


gmarogi
Level 5

This link is one good repository which has lots of info about Cisco WLCs.

http://www.cisco.com/en/US/tech/tk722/tk809/tech_configuration_examples_list.html

Roger Nobel
Cisco Employee

Hi,

Some days ago I added a document, seems just in time :-)

https://supportforums.cisco.com/docs/DOC-8473

Note:

1.)    WLC needs to send calling-station-id as MAC address, to let the AAA server know it. We can force this using the command
cli:> config radius callStationIdType macAddr

2.)    AAA server has to send only the three attributes required per bug id CSCso52532
User-Name = ...
Calling-Station-Id = ... (MAC address format 00-11-22-33-44-55)
Service-Type = 1    (login)

Hope it helps

Lucien Avramov
Level 10

Check out defect CSCso52532. Also, make sure you use 6.0 to test this. Due to CSCsv34136, WLC will drop the PoD due to some wrong source port checking.


In order to send a RADIUS Disconnect-Request (RFC 3576) to the WiSM
to disconnect a user, you have to know the right values to send.

Conditions:

. If a user has to be logged out, then the following attributes are expected:
  - SSH_RADIUS_AVP_SERVICE_TYPE(6) attribute with the following value:
      SSH_RADIUS_SERVICE_TYPE_LOGIN(1)
  - SSH_RADIUS_AVP_CALLING_STATION_ID(31) - this is needed if we want to delete a particular user session via a particular device (like PDA, phone or PC)
  - SSH_RADIUS_AVP_USER_NAME(1)

. If a management user has to be logged out, then the following attributes are expected:
  - SSH_RADIUS_AVP_SERVICE_TYPE(6) attribute with the following value:
      SSH_RADIUS_SERVICE_TYPE_ADMINISTRATIVE
          OR
      SSH_RADIUS_SERVICE_TYPE_NAS_PROMPT
  - SSH_RADIUS_AVP_USER_NAME(1)
  - SSH_RADIUS_AVP_FRAMED_IP_ADDRESS(8)



NOTE THAT
3.21. Calling-Station-Id
For IEEE 802.1X Authenticators, this attribute is used to store
Supplicant MAC address in ASCII format (upper case only), with
values separated by a "-". Example: "00-10-A4-23-19-C0".
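
The Disconnect-Request described in this thread, as an added Python example that is not part of any poster's reply or of Cisco's code: it builds the packet with only User-Name, Calling-Station-Id (upper case, dash-separated) and Service-Type = 1, then parses it back and checks the RFC 3576 Request Authenticator. The function names are hypothetical, and the user name, MAC address and shared secret used with it are constructed samples.

```python
import hashlib, hmac, re, struct

DISCONNECT_REQUEST = 40                                  # RFC 3576 packet code
USER_NAME, SERVICE_TYPE, CALLING_STATION_ID = 1, 6, 31   # attribute types from the thread
SERVICE_TYPE_LOGIN = 1

def normalize_mac(mac):
    """Return the MAC upper-case and dash-separated, e.g. 00-10-A4-23-19-C0."""
    digits = re.sub(r"[-:.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", atype, len(value) + 2) + value

def authenticator(header, attrs, secret):
    # RFC 3576 Request Authenticator: MD5(Code+ID+Length+16 zero octets+attrs+secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_disconnect_request(ident, secret, user, mac):
    """Build a Disconnect-Request carrying only the three attributes named above."""
    attrs = (attr(USER_NAME, user.encode())
             + attr(CALLING_STATION_ID, normalize_mac(mac).encode())
             + attr(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN)))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def parse_disconnect_request(packet, secret):
    """Verify length and authenticator, then return [(type, value), ...]."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Disconnect-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(authenticator(packet[:4], attrs, secret), packet[4:20]):
        raise ValueError("Request Authenticator mismatch (wrong shared secret?)")
    out, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or not 2 <= attrs[i + 1] <= len(attrs) - i:
            raise ValueError("malformed attribute")
        out.append((attrs[i], attrs[i + 2:i + attrs[i + 1]]))
        i += attrs[i + 1]
    return out
```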
