cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
380
Views
0
Helpful
2
Replies

ACS with wireless 802.1x

arnis
Level 1
Level 1

We have some AP1100 using 802.1x authentication with a ACS server, that is then looking up users on a windows domain, that is working fine.

I would like to be able to have a specific group on the ACS that is then maped to a windows group, and when the wireless users try to get authenticated they are only allowed access if they belong to that group.

In our situation the users could possibly belong to other groups on the ACS, but should not be authenticated when they are in those groups.

just the one specific to the wireless.

any ideas ?

Arni

2 Replies 2

rochopra
Cisco Employee
Cisco Employee

You can implement it through NAR OR do dynamic vlan assignment for only one group, all others can fall into guest vlan or restricted vlan

Following whitepapar can help with NAR:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

Remember for wireless CLI/DNIS NAR work.

~Rohit

Premdeep Banga
Level 7
Level 7

I would vote for CLI/DNIS based NAR in this scenario.

Regards,

Prem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: