I have deployed a number of wireless networks with EAP authenticated through the users domain account details passed to ACS 4.1. This appears to work fine, but I have two questions regarding control of access.
1. I have configured RADIUS for the EAP and then added TACACS+ for the management access of the AP. Although going back to the same ACS server with different protocols I am unable to get the managment access control to work if both are active? Should this work?
2. How do I control which VLAN / SSID a user has access to? it seems as though there is no way to limit them to a specific SSID (other than not telling them it) If the users have a guess at the SSID then the possibility is that they can access a LAN they should not.
Any help would be very greatfully received.