restrict which users can authenticate to which WLAN?

Unanswered Question


We have a WLC4400 series with LWAP deployeed and we have two employee WLANS and one guest WLAN. Both employee WLANs are authenticated via radius to the same Cisco ACS 4.1 appliance. The ACS authenticates to windows AD. We plan to use EAP-TLS for both employee WLANs.

Is there a way to set up the restrictions in ACS such that users can only associate with the APs in the WLAN they are allowed? Both WLANs authenticates to the same Cisco Secure ACS 4.1 appliance.

For example,

- two usrs: userA, userB


- user A can associate with any AP in WLANA but not in WLANB.

- user B can associate with any AP in WLANB but not in WLANA.

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rob Huffman Thu, 08/30/2007 - 13:23
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Van,

Have a look at this example, it sounds like what you are looking for;

Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example

Hope this helps!



This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode