Local Authentication Only for Guest WLAN - Block RADIUS

Unanswered Question
May 17th, 2007
User Badges:

Hi. I have two wlan's, one secure for employees, one open for guests.


The secure wlan is using radius to authenticate domain users. And the guest wlan is set to use web-auth.


I would like to limit access to the guest wlan to Only local accounts created on the controller. However, it falls back to the radius server when a local account doesn't exist.


Is there any way to block the radius fallback only for the guest wlan? Should I be looking to prevent this on the radius server, or can it be done on the WLC?


This is a 4404 WLC v4.1, and about 50 1130 AP's.


Thanks for any advice.

http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a0080706f5f.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wbcrbud Fri, 05/18/2007 - 09:57
User Badges:

Well, I normally don't reply to myself, but I found a way to implement this.


By creating a bogus RADIUS server and setting it as the AAA server for the guest wlan only the local accounts are able to authenticate on the guest wireless network.


This is more of a RADIUS DOS, but it's working for me.


Cheers!

Actions

This Discussion

 

 

Trending Topics - Security & Network