Hi, On Thu, Apr 19, 2012 at 10:29:01AM +0000, Paul Brennan wrote: > So, we are experiencing some difficulty on how to differentiate the auth > requests coming from each portal. I am sure this isn't a Cisco ACS > specific issue. So is there anything we can query to define the service > selection that the auth requests are sent to? We already no we can't use I don't have specific experience of this, but a couple of suggestions... > Unlike 802.1x which has a lot of detail, the passed auth logs > for captive portal seem devoid of pretty much everything. Does the called-station-id contain the SSID or other identifying info? With 1x, you get the mac address with :ssid on the end. Alternatively, add a second IP address (or listen on a different port) on the RADIUS servers, add these new IP:ports to the new captive portal. Then you may be able to easily separate the two. I know this is easy on FreeRADIUS, but I'm afraid I don't know whether you can do so on ACS. Might give you a solution if you can. Cheers, Matthew -- Matthew Newton, Ph.D. <[log in to unmask]> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <[log in to unmask]>