Cisco ACS Service Selection Rule using Called-Station-ID
We're currently running a Cisco ACS 220.127.116.11 VM appliance and using this to authenticate wireless clients from a Cisco 5508 WLAN setup. I've setup a Service Selection rule to match RADIUS Protocol and a Compound Condition where RADIUS-IETF is looking for Called-Station-ID to match the MAC of the AP along with the SSID. I also have a catch all rule to match only RADIUS and authenticate via AD.
When looking at AAA Authentication logs, I'm seeing the correct info on successful authentication (<MAC>:<SSID>) but I'm not seeing any rule hits when looking at the Service Selection Rules after doing a manual refresh of hits. Am I missing configuration somewhere for this to work?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...