We have a WLC4400 series with LWAP deployeed and we have two employee WLANS and one guest WLAN. Both employee WLANs are authenticated via radius to the same Cisco ACS 4.1 appliance. The ACS authenticates to windows AD. We plan to use EAP-TLS for both employee WLANs.
Is there a way to set up the restrictions in ACS such that users can only associate with the APs in the WLAN they are allowed? Both WLANs authenticates to the same Cisco Secure ACS 4.1 appliance.
- two usrs: userA, userB
- two SSIDs/WLANs: WLANA, WLANB
- user A can associate with any AP in WLANA but not in WLANB.
- user B can associate with any AP in WLANB but not in WLANA.
Thanks in advance,