Getting an AP to send SSID in radius request

nsolling · ‎11-25-2009

Hi everyone,

I am trying to get my Cisco AP's to send the SSID or some kind of identifier of the SSID in the radius request attributes.

This is needed for user realm mapping on my radius server.

Any ideas on how this could be achieved?

Nicolai

Anders Marius Jorgensen · ‎12-02-2009

Nicolai,

The SSID is included in the 'Called-Station-ID' attribute as part of the RADIUS Access-Request.

Quote from RFC 3580:

http://www.ietf.org/rfc/rfc3580.txt

3.20. Called-Station-Id

For IEEE 802.1X Authenticators, this attribute is used to store the

bridge or Access Point MAC address in ASCII format (upper case only),

with octet values separated by a "-". Example: "00-10-A4-23-19-C0".

In IEEE 802.11, where the SSID is known, it SHOULD be appended to the

Access Point MAC address, separated from the MAC address with a ":".

Example "00-10-A4-23-19-C0:AP1".

The RADIUS must then retrieve the information from the RADIUS Access-Request packet.

Regards,

Anders

thomashaecker · ‎04-12-2012

From what i experienced, the SSID should be appended to the MAC in the Called-Station-ID attribute but seems like this is only the case if you are using a WLC.

Without WLC, it can be send as a Cisco AVpair in a VSA preconditioned "radius-server vsa send authentication" is set,

but i did not find a way to append it to the Called station ID.