restrict which users can authenticate to which WLAN?

Unanswered Question

Hi,


We have a WLC4400 series with LWAP deployeed and we have two employee WLANS and one guest WLAN. Both employee WLANs are authenticated via radius to the same Cisco ACS 4.1 appliance. The ACS authenticates to windows AD. We plan to use EAP-TLS for both employee WLANs.


Is there a way to set up the restrictions in ACS such that users can only associate with the APs in the WLAN they are allowed? Both WLANs authenticates to the same Cisco Secure ACS 4.1 appliance.


For example,

- two usrs: userA, userB

- two SSIDs/WLANs: WLANA, WLANB

- user A can associate with any AP in WLANA but not in WLANB.

- user B can associate with any AP in WLANB but not in WLANA.


Thanks in advance,

Van

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Thu, 08/30/2007 - 13:23
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Van,


Have a look at this example, it sounds like what you are looking for;


Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml


Hope this helps!

Rob

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode