Just in case this helps someone else, I figured it out from trawling Google at midnight! You need to get the AP to send the vendor specific attributes in the request packet but including the line radius-server vsa send authentication in the AP config. It's not there by default obviously. Thanks, and apologies for sending so many emails in one go. Andy
-----Original Message----- From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org] On Behalf Of Franks Andy (RLZ) IT Systems Engineer Sent: 21 August 2012 22:46 To: FreeRadius users mailing list Subject: RE: Best way to cope with multiple SSIDs and MAC auth Just an update : I do see something on the IOS interface : RADIUS: AAA Unsupported Attr: ssid [263] 8 *May 17 16:47:01.236: RADIUS: 52 53 48 5F 57 69 [RSH_Wi] I didn't notice it as it's above the actual sent attribute section. The attribute doesn't make it through to the radius server. Anyone any ideas? -----Original Message----- From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org] On Behalf Of Franks Andy (RLZ) IT Systems Engineer Sent: 21 August 2012 22:34 To: FreeRadius users mailing list Subject: RE: Best way to cope with multiple SSIDs and MAC auth Hi - thanks for the reply I have a relatively new version of IOS and I can't see the attribute coming through, either on freeradius or using the "debug radius" command on the AP. I wonder if it's something you have to set in the AP that's non default. As an aside, I wonder if there's an internal freeradius attribute that can tell me the port number that an auth request comes through on? If I use the radtest program, I see the NAS-Port being set to 1812, but the Aps don't do this - the NAS-Port attribute is often a random number, not the destination port number.. -----Original Message----- From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org] On Behalf Of alan buxey Sent: 21 August 2012 22:21 To: FreeRadius users mailing list Subject: Re: Best way to cope with multiple SSIDs and MAC auth Hi, > Because I am not aware that the cisco IOS can send an “SSID” attribute to > the radius server (if someone knows how to do this PLEASE tell > me!), I yes, it does - the attribute will depend on model and IOS version - but if you run the server in full debug mode then you will see the attribute arrive in the access-request - with the SSID you are looking for present. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html