Hi,
On Thu, Apr 19, 2012 at 10:29:01AM +0000, Paul Brennan wrote:
> So, we are experiencing some difficulty on how to differentiate the auth
> requests coming from each portal. I am sure this isn't a Cisco ACS
> specific issue. So is there anything we can query to define the service
> selection that the auth requests are sent to? We already no we can't use
I don't have specific experience of this, but a couple of
suggestions...
> Unlike 802.1x which has a lot of detail, the passed auth logs
> for captive portal seem devoid of pretty much everything.
Does the called-station-id contain the SSID or other identifying
info? With 1x, you get the mac address with :ssid on the end.
Alternatively, add a second IP address (or listen on a different
port) on the RADIUS servers, add these new IP:ports to the new
captive portal. Then you may be able to easily separate the two. I
know this is easy on FreeRADIUS, but I'm afraid I don't know
whether you can do so on ACS. Might give you a solution if you
can.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <[log in to unmask]>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <[log in to unmask]>
|