Julian Y. Koh wrote:
We're only seeing these unknown records from a little over 10% of our APs,
and some of them are generating thousands of the records, so longer-term, of
course, we need to exercise some better RF management so that users don't
roam as often. But that's another exercise for another day. For now, I
just need to see if my reasoning is sound.
Hey Julian,
We don't run the WLSM, but we do run IOS APs and use WDS, which operates
in the same manner as you describe. (Auth requests are aggregated by the
WDS master AP, while accounting is sent by individual APs.)
We also use EAP-TTLS instead of LEAP.
I had a couple tickets open with the TAC a couple summers ago about
this. The end result was that if our RADIUS server sent the "User-Name"
attribute back in the Access-Accept packet, the APs wold use it to log
the proper username when they sent accounting packets.
In addition, because we have other .1x platforms that aren't reliable at
reporting the username in accounting packets, I wrote a hook for our
Radius server that logs sufficient accounting information from the
access-request/access-accept packets. With the time and calling/called
station ids it's not clean, but it does work.
Oh, We use OSC's RADIATOR as our radius server.
-JEff
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
