Hi,
The 'Call Station ID' is one of the RADIUS attributes that we can use for our SSID matching logic in our policy. From my experience of a number of wireless vendors, this seems to be the RADIUS attribute that is most commonly sent by an EAP authenticator (i.e. AP or WLC) that contains SSID information that we can use to pattern match.
The actual attribute contains the MAC address of the client, together with the text of the SSID name in a format similar to this:
00-00-bb-cc-dd-ee:<SSID_Name>
In the attribute value that we specify in our policy to match our SSID, we are actually specifying a regular expression to match the end of the Call Station ID string (i.e. our SSID). For instance, if our SSID name is "Staff_Net", then to match it in our policy, we simply put a dollar symbol ($) at the end of the string we want to match. In this case, we simply put the value: "Staff_Net$"
Here's more information regarding NPS security:
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure
I hope this answers your question.
-------------
--If the reply is helpful, please Upvote and Accept as answer--