11-04-2024 02:20 AM
I've added my XIQ-C instance to my XIQ-SE Instance and would like to create a rule where the condition check is the Site ID that is defined in XIQ-C.
We have an SSID that is broadcasted to different sites, and depending on which site the request is comming from, the client should be placed in a different VLAN.
Can I input my Site Name to the AP IDs and treat it like a location name, without an additional modifier like /World, or is there a special Syntax that is required?
In XIQ-SE I would set Location_Name the same as Site_Name from XIQ-C. Would that work?
Solved! Go to Solution.
11-04-2024 05:56 AM
Hello,
In XIQ-C, please go into the AAA configuration for the WLAN and select the Called-Station ID injection information that you'd like to use:
You will then use the desired information within the "AP ID" field for the location group matching.
Control will read the modified called-station-ID to create a new attribute internally called "Zone". It will rebuild the called station ID from other information in the AVP and then have the "Zone" AVP available for matching using information from the "AP ID" field in the location group.
Thanks
-Ryan
11-13-2024 06:42 AM
Hello,
Yes, you can use any combination of SSID and AP ID criteria.
It's been a while since I've looked at the AP location integration.
I want to say this was an integration with the Identifi controller where we could sync maps between the controller and XMC so the the controller would feed the location in the map back to Control through a RADIUS AVP.
I can't be sure though.... it's been a while.
If you want to use the AP location I would suggest a GTAC case so we can formally investigate.
Thanks
-Ryan
11-04-2024 05:56 AM
Hello,
In XIQ-C, please go into the AAA configuration for the WLAN and select the Called-Station ID injection information that you'd like to use:
You will then use the desired information within the "AP ID" field for the location group matching.
Control will read the modified called-station-ID to create a new attribute internally called "Zone". It will rebuild the called station ID from other information in the AVP and then have the "Zone" AVP available for matching using information from the "AP ID" field in the location group.
Thanks
-Ryan
11-13-2024 02:27 AM - edited 11-13-2024 02:29 AM
Hi Ryan
thank you very much for your suggestion.
So I've changed the Called Station ID to Site Name and in the control logs from XIQ-SE I see on the Port Info Raw field that it gets the information about the SSID and Site Name, and as you said there it is an AVP named AP_ZONE_OR_GROUP.
Here a sample output from the XIQ-SE control logs:
Port Info Raw
AP_MAC=AA-BB-CC-DD-EE-FF AP_NAME=AP_Name AP_SERIAL=123456789 AP_ZONE_OR_GROUP={My Site Name} SSID={My SSID}
So with this information I can distinguish from which Site the Auth request came from and the system can apply a different role, based on the differing conditions.
A quick note for anyone implementing something similar: I’ve set the filter ID on the Policy Mapping to match a role name that exists on XIQ-C. This way, the XIQ-SE returns the role name, allowing the Wireless Controller to apply it to the authorized client.
11-05-2024 04:34 AM
Hi Ryan
thank you for your explanation. The thing is I'd like to also check the SSID name in my location group, so if I change the Called Station ID to Site Name, would I still be able to check for the SSID name that is called by the client?
And the thing is, there is the field "Location" in the Wireless tab of XIQ-SE. The AP's have the location name that is identical to the Site Name, where they're assigned to and in the location group I can set a Location as a condition. Is it not the same thing?