RADIUS Call Station Identifier
The RADIUS called station identifier attribute allows a Network Access Server (NAS) to capture the Access-Request packet used by a phone number by means of Dialled Number Identification (DNIS) or similar technology. The IEEE 802.1X authenticators can use this attribute to store the bridge or Access Point MAC address in ASCII format.
The called station identifier allows a RADIUS server to specify the MAC addresses or networks that a client can connect. One such attribute can be added in the Access-Request packet. The called station identifier is useful in scenarios where preauthentication is supported. In such instances, the called station identifier enables the RADIUS server to restrict the networks and attachment points the client can connect.
Note |
The called station identifier attribute is applicable only for Access-Request and not for Access-Accept or CoA-Request. |
In Cisco IOS XE Bengaluru 17.4.1, the RADIUS called station identifier configuration is enhanced to include more attributes. The newly added options for authentication and accounting are listed below:
-
policy-tag-name
-
flex-profile-name
-
ap-macaddress-ssid-flexprofilename
-
ap-macaddress-ssid-policytagname
-
ap-macaddress-ssid-sitetagname
-
ap-ethmac-ssid-flexprofilename
-
ap-ethmac-ssid-policytagname
-
ap-ethmac-ssid-sitetagname
For more information on the attributes listed above, see the following commands:
-
radius-server attribute wireless accounting call-station-id
-
radius-server attribute wireless authentication call-station-id