Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Radius user-name attribute format trouble with ACS

Unanswered Question
Dec 22nd, 2011
User Badges:

Hi there:

  We have ACS 5.3 and Wireless Lan Controllers.  We are  doing MAC authentication for wireless clients. When MAC authentication was implemented for  WLC, the format chosen for users was XX-XX-XX-XX-XX-XX.  This has been working perfectly, but now we need to integrate some autonomous AP to ACS and problems has raised.

  At initial tests we found that with the format we are using for users in ACS, authentication does not work. We did some traffic captures and found that Radius user-name attribute format was XXXXXXXXXXXX  (no dots or dashes between MAC Address).

We also realized that through AP Web interface you are able to change the format for Called-Station-ID and Calling--Station-ID attributes, but changing these has no effect in user-name attribute.

   So we are wondering if there is a way, probably in CLI, to change the format od user-name attribute, so AP sends it like XX-XX-XX-XX-XX-XX instead of XXXXXXXXXXXX.

   Thanks a lot.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Viten Patel Mon, 12/26/2011 - 05:36
User Badges:
  • Cisco Employee,

so let me understand the issue here. the WLC and AP send the same mac address in different formats?

i am pretty sure you must have done this already but did u see the ACS auth failures to see what format the acs is expecting? i am not sure but i hv seen acs expecting xxxx.xxxx.xxxx as well.

jorgecorrales1 Fri, 01/13/2012 - 10:08
User Badges:

I am sure I answered this a couple of weeks ago, but it looks like the thread was not updated.

AP and WLC send user-name attribiute with different format. WLC uses XX-XX-XX-XX-XX-XX format and AP uses XXXXXXXXXXXX.

In AP configurarion I am able to change the format for Called-Station-ID and Calling-Station-ID formats, but changing those  don't affect the format of user-name field.

Thank a lot.


This Discussion

Related Content



Trending Topics - Security & Network