Meraki

Community

NAS ID in radius request

Alexs20
Getting noticed
‎Oct 11 2023 10:37 AM
‎Oct 11 2023 10:37 AM

NAS ID in radius request

Hi all,

 

My question is about how can I provide a custom NAS ID value in a Radius requests originated by SM switch?

I am comparing the Access Policy configuration forms between the Wireless and Switch and i see that I can do that for the Wireless mode (in advanced section) but I do not see anything similar for the Switch.

 

Please advice.

Thanks.

0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
‎Oct 11 2023 10:43 AM
‎Oct 11 2023 10:43 AM


I believe that in this case you will only be able to use the Called-Station-Id.

RADIUS Attributes

When an access policy is configured with RADIUS server, authentication is performed using PAP. The following attributes are present in the Access-Request messages sent from MS switch to the RADIUS server.

  • User-Name
  • NAS-IP-Address
  • Calling-Station-Id: Contains the MAC address of the end user machine (supplicant) (all caps, octets separated by hyphens, example: "AA-BB-CC-DD-EE-FF").
  • Called-Station-Id: Contains the MAC address of the Meraki MS switch (all caps, octets separated by hyphens).

Note: MS390 has an exception, it will send MACID of the switch port in the Called-Station-Id AVP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Oct 11 2023 10:50 AM
‎Oct 11 2023 10:50 AM

More details here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 11 2023 10:50 AM
‎Oct 11 2023 10:50 AM

Sadly that is not possible.

You can't customize any of that for switches.

 

Alexs20
Getting noticed
‎Oct 11 2023 1:57 PM
‎Oct 11 2023 1:57 PM

Ok, then another question.

I see that MS switch also sending a "Meraki-Device-Name" attribute that contains the switch's name that I can change.

Theoretically I can use this field to pass my custom data to the radius... but, I do not see any documentation that directly says that MS switch will always send the "Meraki-Device-Name" attribute. That means that I cannot use undocumented field...
Is anyone aware about where can I find the documentation about this attribute?

Thanks

 

0 Kudos
In response to Alexs20
alemabrahao
Kind of a big deal
‎Oct 11 2023 4:28 PM
‎Oct 11 2023 4:28 PM

@Alexs20  all attributes available are here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X

 

If you are not able to find this information here it's probably not supported.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.