Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

VIA users through ClearPass proxy Radius to Radius AD (NPS)

  • 1.  VIA users through ClearPass proxy Radius to Radius AD (NPS)

    Posted Mar 11, 2016 08:21 AM

    I need to work out how to differentiate RADIUS requests coming from the same controller but from different interfaces (SSID clients from APs, VIA users, etc.).

     

    I thought of this solution: a field in the RADIUS request unique to VIA users, in order to identify the origin in Radius AD (NPS). Is it possible to add a field to the VIA users' RADIUS request in the controller?

     

    What I have seen in the RADIUS request are parameters common to all the requests that come from the Wireless Controller:

     

    RADIUS Request
    Radius:Aruba:Aruba-AP-Group N/A
    Radius:Aruba:Aruba-Location-Id N/A
    Radius:IETF:Called-Station-Id
    Radius:IETF:Calling-Station-Id 1.2.3.4
    Radius:IETF:Framed-IP-Address 1.2.3.4
    Radius:IETF:NAS-Identifier Wireless-VPN
    Radius:IETF:NAS-IP-Address 10.10.10.10
    Radius:IETF:NAS-Port 0
    Radius:IETF:NAS-Port-Type 19
    Radius:IETF:Service-Type 1
    Radius:IETF:User-Name

     

    Thank you in advance for your help.



  • 2.  RE: VIA users through ClearPass proxy Radius to Radius AD (NPS)

    EMPLOYEE
    Posted Mar 11, 2016 08:56 AM

    The VIA client would use PAP. Your wireless clients (if they are not captive portal) would use PEAP/MSCHAPv2.

     

    Edit: I am wrong. Please use the attached service rules to narrow down your VIA traffic:

    via.JPG

     

    The highlighted portion is not necessary.



  • 3.  RE: VIA users through ClearPass proxy Radius to Radius AD (NPS)

    Posted Mar 11, 2016 09:15 AM
    If you don't have APs on the "default" AP-GROUP serving clients, you can use that as an attribute in combination with location ID "N/A".

    Sent from Outlook for iPhone