MAC Address in Radius Accounting Start Record

what's the MAC Address AVP that appears in accounting start record used for ?

Vikram,
Are you performing webauth or is this for an auth-proxy session? If a user authenticates via dot1x then the calling station id is the mac address, if the user is peforming webauth or if this for an auth-proxy session then the ip address of the client is sent.
Thanks,
Tarik

Similar Messages

  • Access Control MAC address by Radius doesn't work

    Hi,
    How I can try if my Airport TimeCapsule can ping to my windows 2008 server with Radius?
    I snnifed the lan on Radius server and I only saw the broadcast messages of the airport.
    I have wpa personal with mac addres filter by radius, but doesn't works and I can access with any pc without check de mac.
    Anyone can help me please?
    Regards!!

    I am not so familiar with setup of wireless with Radius.. The Apple routers are not enterprise class but very much domestic.. so the enterprise level login seems to be problematic.
    Give us a couple of screenshots of the setup and that might help determine the issue.
    There is some info with help on setting it up here.
    Multiple airport Extremes and RADIUS
    Using windows server will of course make life that much harder.

  • Push mail on iPhone doesn't work with my .mac address, all other accounts working fine. Does anybody experienced problems like this?

    Since upgrading to IOS 5 and using icloud my .mac account doesn't work with push anymore. I'am using two other mail accounts with push function and they work fine. I have heard from other users havong same problem, but does anybody have a solution to this? I have deleted the account and set it up again, worked for one test mail and then failed onwards..

    Since upgrading to IOS 5 and using icloud my .mac account doesn't work with push anymore. I'am using two other mail accounts with push function and they work fine. I have heard from other users havong same problem, but does anybody have a solution to this? I have deleted the account and set it up again, worked for one test mail and then failed onwards..

  • "Accounting-Start" and "Accounting-Stop" with same "user name" and "session Id" recorded in different RADIUS servers.

    Hi,
    I have questions about "Accounting-Start" and "Accounting-Stop".
    1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
    2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
    To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it  an issue for RADIUS application ?
    Cheers,
    1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
    2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
    To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it  an issue for RADIUS application ?
    Cheers,

    vignesh and BalusC,
    following is the code in front controller's doFilter method. is this not thread safe?
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            HttpSession session = req.getSession();
            somepackage.User user;
            if(session.getAttribute("user") == null){
                user = new somepackage.User();
                session.setAttribute("user", user);
            }else{           
                user = (somepackage.User) session.getAttribute("user");
            }user object maintains all information about a user. if it is in session scope, everything should work fine.
    another observation is after some time of usage, both people in different systems are getting same session.getId()
    in my logout page i am using
    session.invalidate();
    thanks,
    moses

  • Accounting-Start and Accounting-Stop recorded on diffrent RADIUS server.

    1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
    2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
    To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it  an issue for RADIUS application ?
    Cheers,

    It is my understanding that the 'NAS_PORT' value in authentication and accounting request are unique and a different value for each authentication request allows it to identify those users that are logged in. However, sending one Acct-Unique-Session-Id at the Start and a different one at stop does sound fishy. However, I could not find any bugs related to this problem. Do let me know if you manage to locate something.

  • Ethernet Mac Address suddenly changed

    Hello all.
    I experienced a really unexpected issue today when I connected my laptop as I do every day when I get to work, but found that I had no access to any of my servers / sites that I usually connect to.
    When I checked my network configuration on the Network System Preferences pane, noticed that my IP (assigned by DHCP) has changed... As if this was not enough, I reviewed the "Advanced..." settings and then the "Hardware" tab to check my mac address and noticed that the one being showed, did not match the one I had saved on my records.
    I'm very aware that there are software that changes the NICs mac address at will, but I have not installed any of this software on my machine.
    As additional information, I connect my laptop through an Avaya telephone / extention and it has been resetted recently because I found that my telephone had an error showing on its display screen and I incline to think that the issue with my phone may have had something to do with my mac address change.
    For the record, the new mac address assigned is 00:01:01:22:1d:64
    Please any help will be really appreciated.
    Thank you so much.
    Renato

    Another odd behaviour yesterday:
    As many of other ML users out there, I'm experiencing frequent crashes when I quicklook a link inside Apple Mail. That was the case yesterday when I tried to preview a link without opening Safari, my Macbook panicked and rebooted... The surprise was that when the machine was up again, guess what? The ethernet's mac address changed again but this time went back to it's original number
    Problem solved? I don't think so, but there is something that is messing around with my system at the lowest level... I have thought about voltage peaks on the ethernet cable, even a (Mac) virus, I'm lost here.
    I examined the console logs but to be honest, I don't even know what or where to look for...
    A hardware test will be a start.

  • Using NAR to restrict access by MAC address

    Hello All,
    We have a solution where home users connect via ATM onto our network. Currenty their radius requests are passed onto Cisco ACS 3.3 and they are authenticated using RSA SecurID Fobs to an ACE server.
    I am trying to look at an alternative to using a SecurID fob and restrict the end user's access based on MAC address.
    I found this on the online documentation for ACS 3.3
    "About Non-IP-based NAR Filters
    A non-IP-based NAR filter (that is, a DNIS/CLI-based NAR filter) is a list of permitted or denied "calling"/"point of access" locations that you can use in restricting a AAA client. However, by entering an IP address in place of the CLI you can use the non-IP-based filter even when the AAA client does not use a Cisco IOS release that supports CLI or DNIS. In another exception to entering a CLI, you can enter a MAC address to permit or deny; for example, when you are using a Cisco Aironet AAA client. The format of what you specify in the CLI box—CLI, IP address, or MAC address—must match the format of what you receive from your AAA client. You can determine this format from your RADIUS Accounting Log."
    If I specify a clients MAC in any of the non IP NAR options (CLI, Port, DNIS)access is refused. I am using radius IETF and the only time I can see the MAC in the radius accounting logs is when I turn on the option to log cisco-av-pair. Nothing is being logged under CLI or DNIS, so I don't think I can restrict access based on MAC using a non IP NAR. Has anyone implemented what is referred to in the documentation above? Is it just applicable to cisco Aironet? Any ideas?
    Thanks.

    A NAR is a definition, which you make in Cisco Secure ACS, of additional conditions that must be met before a user can access the network. Cisco Secure ACS applies these conditions using information from attributes sent by your AAA clients. So it is not device specific.

  • Cannot enter MAC Address into Filter Settings for WAP4410N.

    When I do ipconfig /all to pull up its MAC address, I see it starts with 8C:60:XX:XX:XX:XX. When I try to add it to the 4th entry of my Client List on the AP4410N, it rejects it with a dialog box:
    "MAC 4 must be 12 Hex chars (0~9 and A~F) with optional delimiters (: or -), and the second bit is not a odd number."
    I checked over and over that the Wireless Card MAC address is correct and this is the first time I noticed a MAC address card starting with anything but 00.  Any ideas what I can do?
    THanks.

    Hi Nicolas,
    I see, since I have the first 2-bit of the wireless adapter with 8C..I will just change to 80? is that what you mean?
    Yes I'm sure iI can add that address to the list, but does it mean that my wireless adapter with 8C is the same with 80 and able to connect to wireless?
    Thanks
    Erik

  • No Start Records in Radius Accounting reports

    I do not see any start records in Radius Accounting reports but do see only Stop records ? any ideas as to why  this is happening
    btw I am running ACS 5.2

    Hi Vikram,
    Which device is this ?
    Can you share aaa configs of the device,
    Is it happening to all devices .
    Can we get debug aaa accounting from that device?
    Thanks
    Waris Hussain

  • Sync Mac Address Book - multiple Google accounts

    I hope this is the right place for this question.
    I understand that you can sync the Mac Address Book with Google accounts, but is there a way to sync that Mac Address Book with MULTIPLE Google accounts.
    Our scenario is that we have one iMac as our main database, and want to sync it to mine, and my wifes Google account.
    Thanks for any help.

    I have found a program called Spanning Sync
    http://spanningsync.com/
    It allows for multiple Google syncing

  • 2504 WebAuth and IPv6 RADIUS Accounting (IPv6-Framed-Address)

    Hi Board,
    I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
    So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
    The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
    the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
    I tested it on a WLC 2504 with 8.0.100.0 code.
    Cheers
    Johannes

    Hi Board,
    I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
    So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
    The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
    the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
    I tested it on a WLC 2504 with 8.0.100.0 code.
    Cheers
    Johannes

  • How to configure dot1x to check for mac address then to send to radius

    hi,
    is there any way on a switch to get a port to check a list of mac addresses then if the pc is not in that list send the request to a radius server. the radius we use is steelbelt radius.
    cheers
    tony

    Hi,
    It looks you are looking for the mac authentication bypass (MAB) feature.
    Please take a look at the feature in detail:
    http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1205506.
    You can authenticate devices based on MAC address.
    Here is a step guide to configure it on older IOS releases:
    http://preview.cisco.com/en/US/docs/solutions/Enterprise/Campus/IBD/MACAuthB.html.
    12.2(50) and later IOS:
    http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1196845.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • Can i change my email address on icloud account on phone? to email i used on new mac ?? do they need to be the same for optimal use?

    can i change my email address on icloud account on phone? to email i used on new mac ?? do they need to be the same for optimal use?

    Yes the Apple ID is the thing that ties your devices to you and shares your information and content between them.
    If you mean that Find My Phone is asking for a password to a different Apple ID to your current Apple ID.
    This feature has been introduced to make stolen phones useless to those that have stolen them.
    However it can also arise when the user has changed their Apple ID details with Apple and not made the same changes to their iCloud account/Find My Phone on their device before upgrading to iOS 7, or if you restore from a previous back up made before you changed your details.
    The only solution is to change your Apple ID back to its previous state with Apple at My Apple ID using your current password, you don’t need access to this address if it’s previously been used with your Apple ID, once you have saved these details enter the password as requested on your device and then turn off "find my phone" and delete the account from your device.
    You should then change your Apple ID back to its current state, save it once again and then log back in using your current Apple ID. Finally, turn "find my phone" back on once again.
    This article provides more information about Activation Lock.

  • I have a@mac email address i want to start reusing

    Hi
    I Have a....@mac email address i want to start reusing
    My Apple ID lists my Apple ID & Primary Email address    [email protected]  Verified
    My Alternate Apple ID & Alternate Email address   .            [email protected]  Verified     
                                                                                                  [email protected]
                                                                                    .             [email protected]
    When i try to add [email protected] i get this message          Email address is already verified for another Apple ID
    i want to use [email protected] as my primary Email address and get rid of the rest includung My alternate ID
    Can anyone Guide me through the process
    Best Regards
    frank

    Hi All
    I sorted this problem out myself
    Thanks for looking at the question
    Best Regards
    Frank

  • HT5622 .mac mail - I still use my .mac email address to access itunes, icloud, etc. Every once in a while, apple sends me confirmation, reservation, etc. emails to the .mac address. Can someone tell me how to access that email account?

    .mac mail - I still use my .mac email address to access itunes, icloud, etc. Every once in a while, apple sends me confirmation, reservation, etc. emails to the .mac address. Can someone tell me how to access that email account?

    Hi pjerl,
    Depending on when you originally set up your Apple ID, you may have @mac.com, @me.com, and @icloud.com email addresses associated with your account, but all mail sent to those addresses should still come in to the same iCloud account (you can test this to make sure by sending yourself emails at those addresses). You may find the following articles helpful:
    iCloud: About your @icloud.com, @me.com, and @mac.com email addresses
    iCloud: Using your @icloud.com email address
    Regards,
    - Brenden

Maybe you are looking for

  • I have windows 8.1 and itunes is installed but my ipod don't work with it?

    when i plug in my ipod itunes comes up and say "an ipod has been detected but it could not be identified properly.                                                                         please disconnect the ipod, then try again.                    

  • Dual Executable​s appear

    I have captured the TestStand 3.5 OI LabVIEW files in a LabVIEW 8.20 project file.  I've customized the OI a bit, and I use the Build Specifications area to build an executable.  When I run the executable, my customized OI appears, I can load sequenc

  • How do I convert emails to PDF from Outlook to make a file on the PC?

    how do I convert emails to PDF from Outlook to make a file on the PC

  • No Material Document Generate

    Dear Sir's, I have done the confirmation  against  production order and confirmation has been done and co14 report shows the confirmation of all the operation and Insfection lot generated and goods movement against that production order but no materi

  • 7.7.1 Registry Setting Used by iTune Drivers error message

    The auto update suggested updating my iTunes to 7.7.1. When I tried to download, the install failed. I downloaded 7.7.1 manually from the iTunes support website. On installation, I received the message 'Registry settings used by iTunes drivers for im