wpa/wpa2 on logs
David Mitchell
mitchell at ucar.edu
Wed Oct 14 15:49:12 CEST 2009
Our Cisco's can optionally include it in the Accounting packets. It
looks like this:
Cisco-AVPair = "auth-algo-type=eap-peap"
I had to include the following configuration on the AP so it would send it:
radius-server vsa send accounting
And configure accounting of course.
-David Mitchell
Alan Buxey wrote:
> Hi,
>
>> Hmm, just thought, some vendors may include the information in the RADIUS packet as VSAs (Vendor Specific Attributes).
>>
>> Might be worth running the server in debugging mode (radiusd -X) and see what your wireless controllers
>> are actually sending in Access-Request packets.
>>
>> So although you won't get the info in the EAP Tunnel, you may find it's available in the RADIUS Access-request
>> packets.
>
> I thought the same thing - so had a quick look at our incoming RADIUS Access-Requests etc...
> and nothing useful buried there - but there again, I havent looked at the other end
> yet to see if there are other options or VSAs that can be used - we can currently get
> such info from the wireless control system - so that information is being passed from
> the LWAPP/CAPWAP systems to the controller - and a suitable SNMP to the WCS from the
> RADIUS server would allow you to tie the two together (best done out of band!) ..
> this is probably a useful step for any site wondering whether to drop WPA/TKIP
> support for example (for security - move to WPA2/AES) - you'd need to see how
> many non-AES clients you had before the change......
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Users
mailing list