On Sat, Feb 11, 2012 at 09:07:49AM +0100, Riccardo Veraldi wrote:
Yes I wanted to use this solution but the problem is that when my Cisco 1200 access points contact freeradius, there is no SSID like attribute in the communication, in the request there is no SSID... I will try with the copy of module file I did not figure out it form the docs.
If your eduroam requests are going through a completely different virtual server from your local SSID requests, then just follow Alan's advice, but you don't need to test for SSID - just put it in the virtual server that you want to block EAP-TLS, something like if (EAP-Type == "EAP-TLS") { reject } For the Cisco APs, which don't seem to follow the RFCs for Called-Station-Id (as far as I can tell) unless you use a WLC, try: ap(config)# radius-server vsa send authentication and you should then end up with an attribute you can test: Cisco-AVPair = "ssid=eduroam" Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>