hi


1. in AP 12 you can assign an authentication server per SSID. from here on, you could have two different servers, one for LEAP and the other for EAP/TLS.


Can loopbacks be used on a FreeRadius server so that it controls the EAP
type allowed based on the targeted interface? Not needed if I can get
the below to work.

i don't think so, but what would it be good for? just start two radius servers on different ports and configure the SSID parts in the APs appropriately. it's not difficult and you can really be sure that your LEAP users land on your LEAP enabled FR while your TLS users use your TLS enabled FR. you can even enforce the immediate denial in the case where LEAP is used on the TLS server, etc.



2. Cisco APs do provide SSID information in the incoming requests. this is put in a Cisco VSA. if you put your server into debug mode and look at the incoming requests, you'll see the SSID appearing as something like

Cisco-VSA = "ssid=my_ssid"

Not on mine. I'll try an IOS upgrade.

oh, ok, that's strange. either it's an option (but i've never seen a cisco AP without that VSA in its request so it should be ON by default and you deactivated it once - reset to factory defaults should do the trick) or it is really an IOS version issue.



and finally, if you have a direct wire to a Cisco Product Manager, please kick his ass from my part convincing him of the need to finally correct the accounting behavior of the newest AP12 IOS release. in my case, accounting does not contain AcctInputOctets nor AcctOutputOctets.


=) If you e-mail me directly with the details I'll be glad to.

ok - as soon as possible :)


ciao artur
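
An added example, not part of the original thread and not FreeRADIUS code: the per-SSID decision discussed above, written in Python. It reads the SSID from a VSA string in the `ssid=my_ssid` form quoted in the message, reads the EAP method from the EAP header, and rejects a method that is not allowed on that SSID. The SSID names, the policy table and the sample packets are constructed; 13 (EAP-TLS) and 17 (LEAP) are the IANA EAP method type numbers.

```python
import struct

# EAP method type numbers from the IANA EAP registry.
EAP_IDENTITY, EAP_NAK, EAP_TLS, LEAP = 1, 3, 13, 17
EAP_RESPONSE = 2  # EAP code for packets sent by the client

# Hypothetical policy: SSID names are constructed for this example.
SSID_POLICY = {"corp-tls": {EAP_TLS}, "legacy-leap": {LEAP}}

def ssid_from_vsa(values):
    """Return the SSID from VSA strings shaped like 'ssid=<name>'."""
    for value in values:
        key, _, name = value.partition("=")
        if key.strip().lower() == "ssid" and name:
            return name
    return None

def eap_code_and_type(packet):
    """Parse code(1) id(1) length(2) type(1) from an EAP packet."""
    if len(packet) < 5:
        raise ValueError("too short to carry an EAP type")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field disagrees with packet size")
    return code, packet[4]

def decide(vsa_values, packet):
    """Fail closed: unknown SSID, malformed EAP or wrong method -> reject."""
    allowed = SSID_POLICY.get(ssid_from_vsa(vsa_values))
    if allowed is None:
        return "reject"
    try:
        code, method = eap_code_and_type(packet)
    except ValueError:
        return "reject"
    if code != EAP_RESPONSE:
        return "reject"
    if method in (EAP_IDENTITY, EAP_NAK):
        return "continue"  # no method chosen yet
    return "accept-method" if method in allowed else "reject"

# Constructed sample packets (not captured traffic).
IDENTITY = b"\x02\x01\x00\x08\x01bob"
TLS_RESP = b"\x02\x02\x00\x06\x0d\x00"
LEAP_RESP = b"\x02\x03\x00\x08\x11\x01\x00\x00"

if __name__ == "__main__":
    print(decide(["ssid=corp-tls"], LEAP_RESP))
```

A request that arrives without the SSID VSA, as in the case reported in the thread, is rejected rather than matched to a default policy.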

