Hello,
Can we split a radius response value on the colon delimiter? Then match a part of the response in the role mapping?
Here some background:
We use the Called-Station-Id for 2 things. Match a service policy and for enforcement.
cisco called station response is configured for AP_MAC:SSID
Radius:IETF:Called-Station-Id ac-a0-16-bb-f9-40:OFFICE2
The last part of the Called-Station-Id is used to match the service policy on the SSID OFFICE2:
name="Called-Station-Id" operator="CONTAINS" type="Radius:IETF" value="OFFICE2"
The role mapping maps on AP_mac address part and gives a tag.
(only an tag if this AP is configured for cisco Flexconnect)
RuleAttribute name="Called-Station-Id" operator="BEGINS_WITH" type="Radius:IETF" value=" ac-a0-16-bb-f9-40"
RuleAttribute name="Called-Station-Id" operator="BEGINS_WITH" type="Radius:IETF" value=" ac-a0-16-bb-f9-41"
etc etc this result in quite some line in the role mapping if I need to do this for all Flexconnect AP’s
I there some logic that I can take only the MAC part and spilt the responce on the delimiter colon?
Then I use the static host list for listing all the AP-mac’s.
RuleAttribute name="Called-Station-Id" operator="BELONGS_TO_GROUP" type="Radius:IETF" value="HostList:3004" displayValue="Flexconnect remote BSSID devices"
There might be other ways to do this aswell?
Thanks,
Gerrit