Our Cisco's can optionally include it in the Accounting packets. It
looks like this:
Cisco-AVPair = "auth-algo-type=eap-peap"
I had to include the following configuration on the AP so it would send it:
radius-server vsa send accounting
And configure accounting of course.
-David Mitchell
Alan Buxey wrote:
> Hi,
>
>> Hmm, just thought, some vendors may include the information in the RADIUS
>> packet as VSAs (Vendor Specific Attributes).
>>
>> Might be worth running the server in debugging mode (radiusd -X) and see
>> what your wireless controllers
>> are actually sending in Access-Request packets.
>>
>> So although you won't get the info in the EAP Tunnel, you may find it's
>> available in the RADIUS Access-request
>> packets.
>
> I thought the same thing - so had a quick look at our incoming RADIUS
> Access-Requests etc...
> and nothing useful buried there - but there again, I havent looked at the
> other end
> yet to see if there are other options or VSAs that can be used - we can
> currently get
> such info from the wireless control system - so that information is being
> passed from
> the LWAPP/CAPWAP systems to the controller - and a suitable SNMP to the WCS
> from the
> RADIUS server would allow you to tie the two together (best done out of
> band!) ..
> this is probably a useful step for any site wondering whether to drop WPA/TKIP
> support for example (for security - move to WPA2/AES) - you'd need to see how
> many non-AES clients you had before the change......
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-----------------------------------------------------------------
| David Mitchell ([email protected]) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
