11-25-2009 04:07 AM - edited 07-03-2021 06:17 PM
Hi everyone,
I am trying to get my Cisco AP's to send the SSID or some kind of identifier of the SSID in the radius request attributes.
This is needed for user realm mapping on my radius server.
Any ideas on how this could be achieved?
Nicolai
12-02-2009 06:05 AM
Nicolai,
The SSID is included in the 'Called-Station-ID' attribute as part of the RADIUS Access-Request.
Quote from RFC 3580:
http://www.ietf.org/rfc/rfc3580.txt
3.20. Called-Station-Id
For IEEE 802.1X Authenticators, this attribute is used to store the
bridge or Access Point MAC address in ASCII format (upper case only),
with octet values separated by a "-". Example: "00-10-A4-23-19-C0".
In IEEE 802.11, where the SSID is known, it SHOULD be appended to the
Access Point MAC address, separated from the MAC address with a ":".
Example "00-10-A4-23-19-C0:AP1".
04-12-2012 07:32 AM
From what i experienced, the SSID should be appended to the MAC in the Called-Station-ID attribute but seems like this is only the case if you are using a WLC.
Without WLC, it can be send as a Cisco AVpair in a VSA preconditioned "radius-server vsa send authentication" is set,
but i did not find a way to append it to the Called station ID.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: