NAS ID in radius request

Alexs20
Getting noticed


Hi all,

 

My question is about how I can provide a custom NAS ID value in Radius requests originated by SM switch?

I am comparing the Access Policy configuration forms between the Wireless and Switch and I see that I can do that for the Wireless mode (in advanced section) but I do not see anything similar for the Switch.

 

Please advise.

Thanks.

alemabrahao
Kind of a big deal


I believe that in this case you will only be able to use the Called-Station-Id.

RADIUS Attributes

When an access policy is configured with RADIUS server, authentication is performed using PAP. The following attributes are present in the Access-Request messages sent from MS switch to the RADIUS server.

  • User-Name
  • NAS-IP-Address
  • Calling-Station-Id: Contains the MAC address of the end user machine (supplicant) (all caps, octets separated by hyphens, example: "AA-BB-CC-DD-EE-FF").
  • Called-Station-Id: Contains the MAC address of the Meraki MS switch (all caps, octets separated by hyphens).

Note: MS390 has an exception, it will send MACID of the switch port in the Called-Station-Id AVP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

More details here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RaphaelL
Kind of a big deal

Sadly that is not possible.

You can't customize any of that for switches.

 

Alexs20
Getting noticed

Ok, then another question.

I see that the MS switch is also sending a "Meraki-Device-Name" attribute that contains the switch's name, which I can change.

Theoretically I can use this field to pass my custom data to the radius... but I do not see any documentation that directly says that the MS switch will always send the "Meraki-Device-Name" attribute. That means that I cannot use an undocumented field...
Is anyone aware of where I can find the documentation about this attribute?

Thanks

 

alemabrahao
Kind of a big deal

@Alexs20  all attributes available are here.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

 

If you are not able to find this information here it's probably not supported.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
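
Since the thread concludes that the NAS ID cannot be customized on MS switches, the label can instead be derived on the RADIUS server from the documented Called-Station-Id attribute. The sketch below is an added example, not code from any poster or from Meraki; the `SWITCH_LABELS` inventory, the label names and the sample packet are constructed assumptions.

```python
import re
import socket
import struct

# RFC 2865 attribute type numbers
USER_NAME, NAS_IP_ADDRESS = 1, 4
CALLED_STATION_ID, CALLING_STATION_ID, NAS_IDENTIFIER = 30, 31, 32
# Format quoted in the thread: all caps, octets separated by hyphens
MAC_RE = re.compile(r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}")
# Hypothetical server-side inventory: switch MAC -> the label you wanted in NAS ID.
# Per the quoted note, an MS390 sends the switch port's MAC, so list port MACs for it.
SWITCH_LABELS = {"00-11-22-33-44-55": "hq-floor2-sw1"}

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: value bytes} for a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes header), value
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("truncated or malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.setdefault(atype, packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def switch_label(packet: bytes) -> str:
    """Map the documented Called-Station-Id to a custom label; fail closed."""
    called = parse_attributes(packet).get(CALLED_STATION_ID, b"").decode("ascii", "replace")
    if not MAC_RE.fullmatch(called):
        raise ValueError(f"unexpected Called-Station-Id format: {called!r}")
    if called not in SWITCH_LABELS:
        raise LookupError(f"switch {called} is not in the inventory")
    return SWITCH_LABELS[called]

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def sample_request(called: bytes = b"00-11-22-33-44-55") -> bytes:
    """Constructed Access-Request carrying only the attributes listed in the thread."""
    body = (attr(USER_NAME, b"alice")
            + attr(NAS_IP_ADDRESS, socket.inet_aton("192.0.2.10"))
            + attr(CALLING_STATION_ID, b"AA-BB-CC-DD-EE-FF")
            + attr(CALLED_STATION_ID, called))
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body
```

Rejecting unknown or malformed Called-Station-Id values, rather than falling back to a default label, keeps a request from an unlisted device from being attributed to a known switch.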