Security

Working with a customer on deploying a per-location (based on AP group) policies in CPPM. Each AP is named with the location name and we wanted to use that as part of our service rules, however, the AP Name attribute in Access Tracker is coming across as the Base Radio MAC for the AP and not the actual APs name. A couple questions:

1. Should we be getting the actual AP name from Cisco?

2. Is there a configuration that enables/disables what is being passed to CPPM?

3. Could it be an IOS / Hardware limitation? 

Thanks.

So we thought we found it, but it now has AP MAC and AP Name as blank after making the following change:

Under Security -> Authentication

There is a drop box at the top that assigns the Auth Called Station ID Type and we had it set as AP MAC Address:SSID. We changed it to use AP Name:SSID and we are receiving the name as the called-station-id, but not the AP Name. 

Any updates on this? I'm also using 'AP Name:SSID' as called-station-id in order to get correct AP name and SSID in RADIUS-REQUEST, because Connection:AP-Name is blank. This doesn't 'appear' to be best practice, is there something else i'm missing to get AP name during a request? Even if there is no other way than changing called-station-id, why isn't ClearPass parsing that and filling in AP-Name? It appears to do it for Connection:SSID?