Wireless SSO and Sophos AP's

Not right now.

The AP does not support radius framed ip address. But DEV is already working on this feature for the AP to support this.

It is a limitation of the AP, not XG. If the AP would do this, it will perfectly work right now.

Thanks for the confirmation. Is this documented somewhere and I just missed it?

Could you explain a bit how it will work? I think of a few ways that this could work:

1. AP snoops the IP associated with the MAC and sends interim accounting packets
2. XG snoops the IP associated with the MAC (only if on the same LAN segment, and would also work for 802.1x wired security))
3. XG associates the user to the MAC instead of to the IP (only if on the same LAN segment, and would also work for 802.1x wired security)
4. XG DHCP does the MAC->IP association when it hands out the DHCP lease (only if XG is DHCP server)

Also is there an ETA on this feature?

Thanks

James

Thanks for the confirmation. Is this documented somewhere and I just missed it?

Could you explain a bit how it will work? I think of a few ways that this could work:

1. AP snoops the IP associated with the MAC and sends interim accounting packets
2. XG snoops the IP associated with the MAC (only if on the same LAN segment, and would also work for 802.1x wired security))
3. XG associates the user to the MAC instead of to the IP (only if on the same LAN segment, and would also work for 802.1x wired security)
4. XG DHCP does the MAC->IP association when it hands out the DHCP lease (only if XG is DHCP server)

Also is there an ETA on this feature?

Thanks

James

It is documented in the Online help.

http://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/WPGlobalSetting.html?hl=radius

And as far as i know, this mechanism is documented in RFC.

https://tools.ietf.org/html/rfc2866

https://tools.ietf.org/html/rfc2865

It is called framed IP address.