AP with EAP and managment control through ACS

Unanswered Question
May 10th, 2007

I have deployed a number of wireless networks with EAP authenticated through the users domain account details passed to ACS 4.1. This appears to work fine, but I have two questions regarding control of access.

1. I have configured RADIUS for the EAP and then added TACACS+ for the management access of the AP. Although going back to the same ACS server with different protocols I am unable to get the managment access control to work if both are active? Should this work?

2. How do I control which VLAN / SSID a user has access to? it seems as though there is no way to limit them to a specific SSID (other than not telling them it) If the users have a guess at the SSID then the possibility is that they can access a LAN they should not.

Any help would be very greatfully received.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
DigitalAirWireless Mon, 05/14/2007 - 12:35

Hi ihill,

in answer to your second question there is a couple of ways that you can do this depending on the amount of control you have over your clients.

You could use dynamic VLAN assignment:


You could use Active Directory wirelss group policy to define prefered wirless networks for your clients

Or you could use a 3rd party supplicant like the Juniper Network's Odyssey Access Client


hope this helps


*pls rate all useful posts


This Discussion



Trending Topics - Security & Network