Scribd
Upload
26 views6 pages

Network Access Server Identifier

The document provides detailed information about configuring Network Access Server Identifiers (NAS-ID) for RADIUS access requests, including creating and attaching NAS ID policies through both GUI and CLI methods. It explains the hierarchy of NAS-ID configurations and the options available for setting them, such as system name, IP address, and MAC address. Additionally, it outlines the steps to verify the NAS ID configuration within the system.

Uploaded by

a.el3sawy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
26 views6 pages

Network Access Server Identifier

The document provides detailed information about configuring Network Access Server Identifiers (NAS-ID) for RADIUS access requests, including creating and attaching NAS ID policies through both GUI and CLI methods. It explains the hierarchy of NAS-ID configurations and the options available for setting them, such as system name, IP address, and MAC address. Additionally, it outlines the steps to verify the NAS ID configuration within the system.

Uploaded by

a.el3sawy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Network Access Server Identifier

• Information About Network Access Server Identifier, on page 1


• Creating a NAS ID Policy(GUI), on page 2
• Creating a NAS ID Policy, on page 2
• Attaching a Policy to a Tag (GUI), on page 3
• Attaching a Policy to a Tag (CLI), on page 4
• Verifying the NAS ID Configuration, on page 4

Information About Network Access Server Identifier


Network access server identifier (NAS-ID) is used to notify the source of a RADIUS access request, which
enables the RADIUS server to choose a policy for that request. You can configure one on each WLAN profile,
VLAN interface, or access point group. The NAS-ID is sent to the RADIUS server by the controller through
an authentication request to classify users to different groups. This enables the RADIUS server to send a
customized authentication response.

Note The acct-session-id is sent with the RADIUS access request only when accounting is enabled on the policy
profile.

If you configure a NAS-ID for an AP group, it overrides the NAS-ID that is configured for a WLAN profile
or the VLAN interface. Similarly, if you configure a NAS-ID for a WLAN profile, it overrides the NAS-ID
that is configured for the VLAN interface.
The following options can be configured for a NAS ID:
• sys-name (System Name)
• sys-ip (System IP Address)
• sys-mac (System MAC Address)
• ap-ip (AP's IP address)
• ap-name (AP's Name)
• ap-mac (AP's MAC Address)
• ap-eth-mac (AP's Ethernet MAC Address)

Network Access Server Identifier


1
Network Access Server Identifier
Creating a NAS ID Policy(GUI)

• ap-policy-tag (AP's policy tag name)


• ap-site-tag (AP's site tag name)
• ssid (SSID Name)
• ap-location (AP's Location)

Creating a NAS ID Policy(GUI)


Procedure

Step 1 Choose Configuration > Security > Wireless AAA Policy.


Step 2 On the Wireless AAA Policy page, click the name of the Policy or click Add to create a new one.
Step 3 In the Add/Edit Wireless AAA Policy window that is displayed, enter the name of the policy in the Policy
Name field.
Step 4 Choose from one of the NAS ID options from the Option 1 drop-down list.
Step 5 Choose from one of the NAS ID options from the Option 2 drop-down list.
Step 6 Choose from one of the NAS ID options from the Option 3 drop-down list.
Step 7 Save the configuration.

Creating a NAS ID Policy


Follow the procedure given below to create NAS ID policy:

Before you begin


• NAS ID can be a combination of multiple NAS ID options; the maximum options are limited to 3.
• The maximum length of the NAS ID attribute is 253. Before adding a new attribute, the attribute buffer
is checked, and if there is no sufficient space, the new attribute is ignored.
• By default, a wireless aaa policy (default-aaa-policy) is created with the default configuration (sys-name).
You can update this policy with various NAS ID options. However, the default-aaa-policy cannot be
deleted.
• If a NAS ID is not configured, the default sys-name is considered as the NAS ID for all wireless-specific
RADIUS packets (authentication and accounting) from the controller .

Network Access Server Identifier


2
Network Access Server Identifier
Attaching a Policy to a Tag (GUI)

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 wireless aaa policy policy-name Configures a new AAA policy.


Example:
Device(config)# wireless aaa policy test

Step 3 nas-id option1 sys-name Configures NAS ID for option1.


Example:
Device(config-aaa-policy)# nas-id option1
sys-name

Step 4 nas-id option2 sys-ip Configures NAS ID for option2.


Example:
Device(config-aaa-policy)# nas-id option2
sys-ip

Step 5 nas-id option3 sys-mac Configures NAS ID for option3.


Example:
Device(config-aaa-policy)# nas-id option3
sys-mac

Attaching a Policy to a Tag (GUI)


Procedure

Step 1 Choose Configuration > Tags & Profiles > Tags page, click Policy tab.
Step 2 Click Add to view the Add Policy Tag window.
Step 3 Enter a name and description for the policy tag.
Step 4 Click Add to map WLAN profile and Policy profile.
Step 5 Choose the WLAN Profile to map with the appropriate Policy Profile, and click the tick icon.
Step 6 Click Save & Apply to Device.

Network Access Server Identifier


3
Network Access Server Identifier
Attaching a Policy to a Tag (CLI)

Attaching a Policy to a Tag (CLI)


Follow the procedure given below to attach a NAS ID policy to a tag:

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 wireless profile policy policy-name Configures a WLAN policy profile.


Example:
Device(config)# wireless profile policy
test1

Step 3 aaa-policy aaa-policy-name Configures a AAA policy profile.


Example:
Device(config-wireless-policy)#
aaa-policy policy-aaa

Step 4 exit Returns to global configuration mode.


Example:
Device(config-wireless-policy)# exit

Step 5 wireless tag policy policy-tag Configures a wireless policy tag.


Example:
Device(config)# wireless tag policy
policy-tag1

Step 6 wlan wlan1 policy policy-name Maps a WLAN profile to a policy profile.
Example: Note
Device(config)# wlan wlan1 policy test1 You can also use the ap-tag option to configure
a NAS ID for an AP group, which will override
the NAS ID that is configured for a WLAN
profile or the VLAN interface.

Verifying the NAS ID Configuration


Use the following show command to verify the NAS ID configuration:
Device# show wireless profile policy detailed test1

Policy Profile Name : test1


Description :

Network Access Server Identifier


4
Network Access Server Identifier
Verifying the NAS ID Configuration

Status : ENABLED
VLAN : 1
Client count : 0

:
:
AAA Policy Params
AAA Override : DISABLED
NAC : DISABLED
AAA Policy name : test

Network Access Server Identifier


5
Network Access Server Identifier
Verifying the NAS ID Configuration

Network Access Server Identifier


6

You might also like