Getting an AP to send SSID in radius request

Unanswered Question
Nov 25th, 2009

Hi everyone,

I am trying to get my Cisco AP's to send the SSID or some kind of identifier of the SSID in the radius request attributes.

This is needed for user realm mapping on my radius server.

Any ideas on how this could be achieved?

Nicolai

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anders Marius J... Wed, 12/02/2009 - 06:05

Nicolai,

The SSID is included in the 'Called-Station-ID' attribute as part of the RADIUS Access-Request.

Quote from RFC 3580:

http://www.ietf.org/rfc/rfc3580.txt

3.20.  Called-Station-Id

   For IEEE 802.1X Authenticators, this attribute is used to store the

   bridge or Access Point MAC address in ASCII format (upper case only),

   with octet values separated by a "-".  Example: "00-10-A4-23-19-C0".

   In IEEE 802.11, where the SSID is known, it SHOULD be appended to the

   Access Point MAC address, separated from the MAC address with a ":".

   Example "00-10-A4-23-19-C0:AP1".

The RADIUS must then retrieve the information from the RADIUS Access-Request packet.
Regards,
Anders
thomashaecker Thu, 04/12/2012 - 07:32

From what i experienced, the SSID should be appended to the MAC in the Called-Station-ID attribute but seems like this is only the case if you are using a WLC.

Without WLC, it can be send as a Cisco AVpair in a VSA preconditioned "radius-server vsa send authentication" is set,

but i did not find a way to append it to the Called station ID.

Actions

This Discussion

 

 

Trending Topics - Security & Network