Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NAS ID in radius request

Alexs20
Getting noticed
‎Oct 11 2023 10:37 AM
‎Oct 11 2023 10:37 AM

NAS ID in radius request

Hi all,

 

My question is about how can I provide a custom NAS ID value in a Radius requests originated by SM switch?

I am comparing the Access Policy configuration forms between the Wireless and Switch and i see that I can do that for the Wireless mode (in advanced section) but I do not see anything similar for the Switch.

 

Please advice.

Thanks.

0 Kudos
Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 11 2023 10:43 AM
‎Oct 11 2023 10:43 AM


I believe that in this case you will only be able to use the Called-Station-Id.

RADIUS Attributes

When an access policy is configured with RADIUS server, authentication is performed using PAP. The following attributes are present in the Access-Request messages sent from MS switch to the RADIUS server.

  • User-Name
  • NAS-IP-Address
  • Calling-Station-Id: Contains the MAC address of the end user machine (supplicant) (all caps, octets separated by hyphens, example: "AA-BB-CC-DD-EE-FF").
  • Called-Station-Id: Contains the MAC address of the Meraki MS switch (all caps, octets separated by hyphens).

Note: MS390 has an exception, it will send MACID of the switch port in the Called-Station-Id AVP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 11 2023 10:50 AM
‎Oct 11 2023 10:50 AM

More details here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 11 2023 10:50 AM
‎Oct 11 2023 10:50 AM

Sadly that is not possible.

You can't customize any of that for switches.

 

Subscribe
Alexs20
Getting noticed
‎Oct 11 2023 1:57 PM
‎Oct 11 2023 1:57 PM

Ok, then another question.

I see that MS switch also sending a "Meraki-Device-Name" attribute that contains the switch's name that I can change.

Theoretically I can use this field to pass my custom data to the radius... but, I do not see any documentation that directly says that MS switch will always send the "Meraki-Device-Name" attribute. That means that I cannot use undocumented field...
Is anyone aware about where can I find the documentation about this attribute?

Thanks

 

0 Kudos
Subscribe
In response to Alexs20
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 11 2023 4:28 PM
‎Oct 11 2023 4:28 PM

@Alexs20  all attributes available are here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X

 

If you are not able to find this information here it's probably not supported.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.