Security

Reply
Occasional Contributor II
Posts: 23
Registered: ‎07-28-2016

Guest sessions - NAS-Port-ID

Hi Airheads,

 

We're using the Guest Device Repository to MAC authenticate devices on our network. Accounting is configured so we're able to retreive the session information for each device.

 

The NAS-Port returned by our Juniper switches is a number instead of the actual Port-ID (ie. ge-0/0/1). Is it possible to show the RADIUS attribute NAS-Port-ID from the RADIUS-Request message instead of NAS-Port from the RADIUS-Accounting message?

 

This is the content of the access request.

 

Radius:IETF:NAS-Port    584
Radius:IETF:NAS-Port-Id    ge-0/0/28.0

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Guest sessions - NAS-Port-ID

When you say "show the RADIUS attribute" where are you talking about?

If you are referring to the Active Session section under ClearPass Guest then the fields that are displayed here can be customised by clicking More Options and then Choose Columns. Both nasporttype and nasportid are available to view.

David
ACDX #98 | ACMP | ACCP
Occasional Contributor II
Posts: 23
Registered: ‎07-28-2016

Re: Guest sessions - NAS-Port-ID

Hi dg27, thanks for your reply.

 

I guess by default, you're only able to see the information from the accounting messages. In there, the NAS-PORT-ID (ge-0/0/1) is not included so the field remains empty.

 

However, in the radius request message which comes in every 60min., it is included so I'm looking for a way to use that attribute in the active session details.

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Guest sessions - NAS-Port-ID

I don't think this is something you can change within ClearPass.

You would need the Juniper switch to be able to send the field you require in the RADIUS accounting packet for it to be visible in the Active Sessions section.

David
ACDX #98 | ACMP | ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: