For IPv4, the client’s IP address is available via the Framed-IP-Address attribute in Interim-Update Accounting-Request packets. For IPv6, client IP addresses are instead available via Framed-IPv6-Address attributes. They are made available by NASes that implement DHCP snooping functionality.
On Fri, Nov 18, 2016 at 8:48 AM Wang, Yu <[email protected]> wrote: > Edward, > > > > NPS servers (radius) do not have clients’ IP information as the whole > 802.1X authentication process happens before a client can have an IP > address. Once a client is successfully authenticated, radius’ job is done. > The client is then assigned to a network and acquires an IP through DHCP. > You can get a client’s IP from Aruba controllers or DHCP servers (client’s > MAC address from NPS). > > > > Yu > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Edward Ip > > > *Sent:* Thursday, November 17, 2016 2:38 PM > *To:* [email protected] > > *Subject:* Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi? > > > > We have being using Microsoft NPS in a cluster as Radius for 80.21X for a > while now. Our normal concurrent client load is about 12,000 users. > > > > Monitoring is now done via Airwave, specifically using the Clarity > feature. In the pass, we used Solarwinds to query our Aruba controllers for > the statistics and then graphing it in Solarwinds. > > > > We are not doing anything fancy with the NPS servers. My network architect > wants to be able to query the AD network and set up network policies (like > bandwidth control and app control) using Bluecoat PacketShaper and the > Authentication and Authorization Agent (BCAAA) with User Awareness feature. > However, the NPS servers do not update our ad directory with regards to > what IP address the wireless client is currently using. So this feature is > not useable on our wireless client (works great on wired domain clients). > Investigating if we can use ClearPass to give the bluecoat the required > information. > > > > *Edward Ip* > > *Algonquin College* | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario > | K2G 1V8 | Canada > > algonquincollege.com > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:[email protected] > <[email protected]>] *On Behalf Of *Lee H Badman > *Sent:* Wednesday, November 16, 2016 9:40 AM > *To:* [email protected] > *Subject:* [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi? > > > > Hello to the awesome group. > > > > We’ve used Cisco ACS with general satisfaction for many years as the > RADIUS solution for our very, very large WLAN’s 802.1X authentication. We > also have Aruba Clearpass in-house for guest wireless, and have poked > around at ISE a bit. We’re weighing replacing our aging ACS environment, > but as many of you know times are changing. When you shop for RADIUS, you > have to wade through the fog of NAC systems because everything is getting > ever more “feature rich”. For major vendors, RADIUS is just a slice of NAC > now, and since everybody “is a software company!” licensing can be ugly. > I’m not slamming those who find value in the many interesting features that > the likes of ISE and Clearpass offer, but I also can’t help but be drawn to > Microsoft NPS when I think about going forward with simple RADIUS. > > > > Way back when, we avoided Microsoft in this role as the reporting wasn’t > particularly strong when it came time to troubleshoot clients. We **may** > have found relief to this through Splunk, and also enjoy a robust Windows > server environment staffed by absolutely brilliant MS-minded veteran > admins. > > > > All that being said- is anyone using NPS as their RADIUS solution for a > large secure WLAN environment? Can you share likes, dislikes, regrets, > endorsements, horror stories, tales of success, etc? > > > > > > (Any vendor reps lurking- no, I’m not open to hearing about other RADIUS > solutions. Please, no calls or emails) > > > > > > Kind regards- > > > > *Lee Badman* | CWNE #200 | Network Architect > > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t* 315.443.3003 * f* 315.443.4325 *e* [email protected] *w* its.syr.edu > > > *SYRACUSE UNIVERSITY *syr.edu > > > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
