Network Topology
AC connects to iMC for wireless 802.1x authentication
Problem Description
The EIA access service access scenario matches the access policy based on AP grouping but does not take effect matching a policy with lower precedence
Process Analysis
The AP group added the NAS ID of the AP
Meanwhile, the AP also has a configured NAS ID
When the user goes online, the carried NAS ID is not the one configured under the AP view but the ACs
Collect UAM debug logs. The NAS ID in the code1 access-request matches the user information, both belonging to the AC
This shows that the NAS ID carried in the device access-request does not belong to the AP group, resulting in failure to match the access scenario
Solution
The interaction packet sent by the device to IMC is RADIUS. The NAS-ID carried in the RADIUS packet has only two sources: one is the NAS-ID bound when the access VLAN is bound under the radio frequency (RF), and the other is the NAS-ID configured in the ISP view. Since the customer configures it under the AP view, it is not carried.
To meet the requirement of different APs carrying different NAS-IDs, it is recommended that the customer bind the NAS-ID separately when binding the service template under the AP view.
wlan ap ap1 model xxx
radio 1
service-template xxx vlan xxx nas-id xxxx