Security

Hi Airheads,

We're using the Guest Device Repository to MAC authenticate devices on our network. Accounting is configured so we're able to retreive the session information for each device.

The NAS-Port returned by our Juniper switches is a number instead of the actual Port-ID (ie. ge-0/0/1). Is it possible to show the RADIUS attribute NAS-Port-ID from the RADIUS-Request message instead of NAS-Port from the RADIUS-Accounting message?

This is the content of the access request.

Radius:IETF:NAS-Port    584
Radius:IETF:NAS-Port-Id    ge-0/0/28.0

When you say "show the RADIUS attribute" where are you talking about?

If you are referring to the Active Session section under ClearPass Guest then the fields that are displayed here can be customised by clicking More Options and then Choose Columns. Both nasporttype and nasportid are available to view.

Hi dg27, thanks for your reply.

I guess by default, you're only able to see the information from the accounting messages. In there, the NAS-PORT-ID (ge-0/0/1) is not included so the field remains empty.

However, in the radius request message which comes in every 60min., it is included so I'm looking for a way to use that attribute in the active session details.

I don't think this is something you can change within ClearPass.

You would need the Juniper switch to be able to send the field you require in the RADIUS accounting packet for it to be visible in the Active Sessions section.