08-01-2007 01:56 AM - edited 03-10-2019 03:18 PM
We have some AP1100 using 802.1x authentication with a ACS server, that is then looking up users on a windows domain, that is working fine.
I would like to be able to have a specific group on the ACS that is then maped to a windows group, and when the wireless users try to get authenticated they are only allowed access if they belong to that group.
In our situation the users could possibly belong to other groups on the ACS, but should not be authenticated when they are in those groups.
just the one specific to the wireless.
any ideas ?
Arni
08-01-2007 08:52 AM
You can implement it through NAR OR do dynamic vlan assignment for only one group, all others can fall into guest vlan or restricted vlan
Following whitepapar can help with NAR:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
Remember for wireless CLI/DNIS NAR work.
~Rohit
08-02-2007 10:14 AM
I would vote for CLI/DNIS based NAR in this scenario.
Regards,
Prem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide