4402 Guest Access Issues

Unanswered Question
Feb 5th, 2007

We currently have a 4402 Controller with several AP's configured and working great. We have 2 SSID's mapped to 2 different VLAN's as well. 1 SSID is for Internal use and has EAP-FAST, ACS Auth, etc configure. The Guest SSID is using the local net usernames as expected, however, it is also using the ACS server as well. We would prefer to prevent internal employees from even being able to authenticate to the Guest SSID. Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Atkin Wed, 02/07/2007 - 15:19

ACS can impose rules on groups, simply set your Staff groups allowed NDIS value to "*ESSID" (for example) and that should do the trick. It's important to put the * infront of your ESSID name.


Rich A

charlesdf22 Tue, 02/13/2007 - 14:19

This doesn't seem to do it for me.

Here's what I have on the ACS Server for the Default Group:

Define IP-based access restrictions (checked)

Denied Calling/ Point of Access Locations

NDG:TACACS (For our switches/ routers

Port: *

Address *

Define CLI/DNIS-baswed access restrictions

Permitted Calling/ Point of Access Locations


Port: *

CLI: *

DNIS: *Internal

Thanks in advance


This Discussion



Trending Topics - Security & Network