Cisco Cisco 2000 Series Wireless LAN Controller Guia De Resolução De Problemas
Supported RADIUS Attriubutes on the Wireless LAN
Controller
Controller
RADIUS attributes are used to define specific authentication, authorization, and accounting (AAA) elements
in a user profile, which is stored on the RADIUS daemon. This section lists the RADIUS attributes currently
supported on the Wireless LAN Controller.
in a user profile, which is stored on the RADIUS daemon. This section lists the RADIUS attributes currently
supported on the Wireless LAN Controller.
Quality of ServiceWhen present in a RADIUS Access Accept, the QoS−Level value overrides the
QoS value specified in the WLAN profile.
QoS value specified in the WLAN profile.
•
ACLWhen the Access Control List (ACL) attribute is present in the RADIUS Access Accept, the
system applies the ACL−Name to the client station after it authenticates. This overrides any ACLs
that are assigned to the interface.
system applies the ACL−Name to the client station after it authenticates. This overrides any ACLs
that are assigned to the interface.
•
VLANWhen a VLAN Interface−Name or VLAN−Tag is present in a RADIUS Access Accept, the
system places the client on a specific interface.
system places the client on a specific interface.
•
WLAN IDWhen the WLAN−ID attribute is present in the RADIUS Access Accept, the system
applies the WLAN−ID (SSID) to the client station after it authenticates. The WLAN ID is sent by the
WLC in all instances of authentication except IPsec. In case of web authentication, if the WLC
receives a WLAN−ID attribute in the authentication response from the AAA server, and it does not
match the ID of the WLAN, authentication is rejected. Other types of security methods do not do this.
applies the WLAN−ID (SSID) to the client station after it authenticates. The WLAN ID is sent by the
WLC in all instances of authentication except IPsec. In case of web authentication, if the WLC
receives a WLAN−ID attribute in the authentication response from the AAA server, and it does not
match the ID of the WLAN, authentication is rejected. Other types of security methods do not do this.
•
DSCP ValueWhen present in a RADIUS Access Accept, the DSCP value overrides the DSCP value
specified in the WLAN profile.
specified in the WLAN profile.
•
802.1p−TagWhen present in a RADIUS Access Accept, the 802.1p value overrides the default
specified in the WLAN profile.
specified in the WLAN profile.
•
Note: The VLAN feature only supports MAC filtering, 802.1X, and Wi−Fi Protected Access (WPA). The
VLAN feature does not support web authentication or IPsec. The operating system's local MAC filter
database has been extended to include the interface name. This allows local MAC filters to specify which
interface the client should be assigned. A separate RADIUS server can also be used, but the RADIUS server
must be defined using the Security menus.
VLAN feature does not support web authentication or IPsec. The operating system's local MAC filter
database has been extended to include the interface name. This allows local MAC filters to specify which
interface the client should be assigned. A separate RADIUS server can also be used, but the RADIUS server
must be defined using the Security menus.
QoS−Level
The QoS−Level attribute indicates the Quality of Service level to be applied to the mobile client's traffic
within the switching fabric, as well as over the air. This example shows a summary of the QoS−Level
attribute format. The fields are transmitted from left to right.
within the switching fabric, as well as over the air. This example shows a summary of the QoS−Level
attribute format. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+
| Type | Length | Vendor−Id
+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+
Vendor−Id (cont.) | Vendor type | Vendor length |
+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+
| QoS Level |
+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+−+
"Type − 26 for Vendor−Specific