Restrict the use of a particular EAP method to a SSID

claeysg · ‎02-28-2007

Hello,

I use a WLC and Cisco radius ACS.

I have two SSIDs, one for the IP phones using LEAP and one for the computers using PEAP. To authenticate on both SSIDs, I use the same username and password, only the EAP methods used is different.

My problem is that both EAP methods can be used to access to each SSID (LEAP or PEAP).

Is there any way to restrict the use of a particular EAP method to an SSID ?

Is it possible with the Cisco ACS ? Indeed, EAP methods are globally defined.

Thanks for your help,

Gaetan

Dominic Stalder (old profile) · ‎02-04-2008

Hi

We have exactly the same problem with IP phones and clients. We have 3 SSID's and would also like to use the two different EAP methods (LEAP and PEAP) on 1 ACS. How did you configure the ACS to support 2 EAP-Methods for 1 WLC?

Thanks in advance

Dominic

lionellemaire · ‎02-08-2008

You can use NAP with ACS 4.0.

you filter the profile based on called-station-id and this way you can restrict the type of eap.

cheers,

Dominic Stalder (old profile) · ‎02-08-2008

Thanks a lot. We just installed ACS 4.1 (we had 3.2) so we couldn't configure NAP before.

Report Inappropriate Content · ‎02-06-2008

Report Inappropriate Content · ‎02-06-2008