
New Member

Good RFC 3576 info for WiSM?

Does anyone have a good link to info on what does and does not work for RFC3576 on WLCs?

What all is supported? Packet of Disconnect, yes, I know, but can a Change of Authorization (CoA) packet be used to switch VLANs? And if so, are commodity supplicants smart enough to re-initiate DHCP (we run DHCP-required)?

3 REPLIES
Bronze

Re: Good RFC 3576 info for WiSM?

This link is one good repository which has lots of info about Cisco WLCs.

http://www.cisco.com/en/US/tech/tk722/tk809/tech_configuration_examples_list.html

Cisco Employee

Re: Good RFC 3576 info for WiSM?

Hi,

Some days ago I added a document; seems just on time :-)

https://supportforums.cisco.com/docs/DOC-8473

Note:

1.)    WLC needs to send calling-station-id as MAC address, to let the AAA server know it. We can force this using the command
cli:> config radius callStationIdType macAddr

2.)    AAA server has to send only the three attributes required per bug id CSCso52532
User-Name = ...
Calling-Station-Id = ... (MAC address format 00-11-22-33-44-55)
Service-Type = 1    (login)

Hope it helps

Re: Good RFC 3576 info for WiSM?

Check out defect CSCso52532. Also, make sure you use 6.0 to test this. Due to CSCsv34136, WLC will drop the PoD due to some wrong source port checking.

In order to send a RADIUS Disconnect-Request (RFC 3576) to the WiSM to disconnect a user you have to know the right values to send.

Conditions:

. If a user has to be logged out then, following attributes are expected
   - SSH_RADIUS_AVP_SERVICE_TYPE(6) attribute with following value
        SSH_RADIUS_SERVICE_TYPE_LOGIN(1)
   - SSH_RADIUS_AVP_CALLING_STATION_ID(31) - this is needed if we want
     to delete a particular user session via a particular device
     (like PDA, Phone or PC)
   - SSH_RADIUS_AVP_USER_NAME(1)

. If a management user has to be logged out then, following attributes
  are expected
   - SSH_RADIUS_AVP_SERVICE_TYPE(6) attribute with following value
        SSH_RADIUS_SERVICE_TYPE_ADMINISTRATIVE
                      OR
        SSH_RADIUS_SERVICE_TYPE_NAS_PROMPT
   - SSH_RADIUS_AVP_USER_NAME(1)
   - SSH_RADIUS_AVP_FRAMED_IP_ADDRESS(8)


NOTE THAT
3.21. Calling-Station-Id
For IEEE 802.1X Authenticators, this attribute is used to store
Supplicant MAC address in ASCII format (upper case only), with
values separated by a "-". Example: "00-10-A4-23-19-C0".
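
Added example, not part of any post in this thread and not Cisco code: a Python sketch that encodes an RFC 3576 Disconnect-Request carrying only the three attributes the replies list (User-Name, Calling-Station-Id, Service-Type = Login), normalises the MAC to the upper-case hyphenated form, and checks the Request Authenticator on the receiving side. The function names, shared secret, user name and identifier are assumptions made up for the illustration.

```python
import hashlib
import hmac
import re
import struct

DISCONNECT_REQUEST = 40  # RFC 3576 packet code
USER_NAME, SERVICE_TYPE, CALLING_STATION_ID = 1, 6, 31  # attribute types
SERVICE_TYPE_LOGIN = 1

def format_calling_station_id(mac):
    """Normalise common MAC notations to upper case, hyphen separated."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def _avp(attr_type, value):
    """Encode one type-length-value attribute (length covers the 2-byte header)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_disconnect_request(identifier, secret, user_name, mac):
    """Return the Disconnect-Request as bytes; nothing is sent on the network."""
    attrs = (_avp(USER_NAME, user_name.encode())
             + _avp(CALLING_STATION_ID, format_calling_station_id(mac).encode())
             + _avp(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN)))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + attrs + secret)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs

def parse_and_verify(packet, secret):
    """Return (code, authenticator_ok, {attribute type: raw value})."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    ok = hmac.compare_digest(expected, packet[4:20])
    parsed, pos = {}, 0
    while pos < len(attrs):
        attr_len = attrs[pos + 1] if pos + 1 < len(attrs) else 0
        if attr_len < 2 or pos + attr_len > len(attrs):
            raise ValueError("malformed attribute")
        parsed[attrs[pos]] = attrs[pos + 2:pos + attr_len]
        pos += attr_len
    return code, ok, parsed
```

Comparing the parsed attribute set against the three expected types is a quick way to confirm an AAA server is not adding extra attributes to the request.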
