How to restrict guests to guest WLAN using RADIUS

Unanswered Question

Using 2811 with integrated WLCM

I have 2 SSIDs, business and guest. The business is only for employees and guest is for everyone else. MAC filtering is in place for both and I have per-user bandwidth restrictions for the guest SSID. I now need a way to direct guests to the guest SSID and employees to the business SSID via RADIUS. All I need is a simple attribute or identifier so RADIUS knows which SSID the user is trying to connect to and can then deny or allow access. I connected to both and checked the RADIUS logs but there is no way to tell which SSID I connected to in the logs.

Mehdi_ab Thu, 12/20/2007 - 15:12

Do you use an ACS?

If yes, simply configure the NAR of the users' group.

AAA client-2811 IP address

Port-*

CLI-*

DNIS-*business (or guest)

This will not "redirect" the users to the right SSID but will permit/deny the user access to the WLAN based on the SSID they're trying to associate with.

Another way to do it is to actually define two profiles with different AAA but same SSID.

Example SSID = ACME Profile Business AAA=WPA2

SSID= ACME Profile Guest AAA=none (web auth etc)

Then you can restrict access based on the profile (apply ACL etc)

This doc might help

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
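
What the NAR in the reply above does to an incoming Access-Request, as an added Python sketch (not ACS code and not part of the post). It assumes the controller puts the SSID at the end of Called-Station-Id in the form `<AP MAC>:<SSID>` and that ACS matches the DNIS field against that attribute; the group names, IP address and MAC addresses are constructed.

```python
from fnmatch import fnmatchcase

WLC_IP = "192.0.2.10"  # constructed placeholder for the 2811/WLCM address

# Permitted-access filters per ACS group, in the post's field order:
# (AAA client, Port, CLI, DNIS). "*" matches anything.
PERMIT_NARS = {
    "employees": [(WLC_IP, "*", "*", "*business")],
    "guests": [(WLC_IP, "*", "*", "*guest")],
}


def sample_request(ssid, nas_ip=WLC_IP):
    """Build a constructed Access-Request attribute set for one association."""
    return {
        "NAS-IP-Address": nas_ip,
        "NAS-Port": 1,
        "Calling-Station-Id": "00-11-22-33-44-55",            # client MAC (CLI)
        "Called-Station-Id": "00-1a-2b-3c-4d-5e:" + ssid,     # AP MAC:SSID (DNIS)
    }


def nar_permits(group, request):
    """True if one filter line of the group's NAR matches every field."""
    fields = (
        request.get("NAS-IP-Address", ""),
        str(request.get("NAS-Port", "")),
        request.get("Calling-Station-Id", ""),
        request.get("Called-Station-Id", ""),
    )
    for filter_line in PERMIT_NARS.get(group, []):
        # Case-sensitive wildcard match, field by field.
        if all(fnmatchcase(v, pat) for v, pat in zip(fields, filter_line)):
            return True
    return False  # no line matched (or unknown group): access denied


if __name__ == "__main__":
    for group in ("employees", "guests"):
        for ssid in ("business", "guest"):
            verdict = "permit" if nar_permits(group, sample_request(ssid)) else "deny"
            print(f"{group:9} -> SSID {ssid:8}: {verdict}")
```

In this model `*business` matches any Called-Station-Id that ends in "business", so a pattern that includes the separator (`*:business`) is tighter when the `<AP MAC>:<SSID>` format holds.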
