Restrict the use of a particular EAP method to a SSID

Unanswered Question
Feb 28th, 2007


I use a WLC and Cisco radius ACS.

I have two SSIDs, one for the IP phones using LEAP and one for the computers using PEAP. To authenticate on both SSIDs, I use the same username and password, only the EAP methods used is different.

My problem is that both EAP methods can be used to access to each SSID (LEAP or PEAP).

Is there any way to restrict the use of a particular EAP method to an SSID ?

Is it possible with the Cisco ACS ? Indeed, EAP methods are globally defined.

Thanks for your help,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Dominic Stalder Mon, 02/04/2008 - 05:05


We have exactly the same problem with IP phones and clients. We have 3 SSID's and would also like to use the two different EAP methods (LEAP and PEAP) on 1 ACS. How did you configure the ACS to support 2 EAP-Methods for 1 WLC?

Thanks in advance


lionellemaire Fri, 02/08/2008 - 03:12

You can use NAP with ACS 4.0.

you filter the profile based on called-station-id and this way you can restrict the type of eap.


Dominic Stalder Fri, 02/08/2008 - 04:03

Thanks a lot. We just installed ACS 4.1 (we had 3.2) so we couldn't configure NAP before.

Anonymous (not verified) Wed, 02/06/2008 - 11:17

Anonymous (not verified) Wed, 02/06/2008 - 12:24


This Discussion



Trending Topics - Security & Network