12-07-2007 07:52 AM - edited 07-03-2021 03:04 PM
Using 2811 with integrated WLCM
I have 2 SSIDs, business and guest. The business is only for employees and guest is for everyone else. MAC filtering is in place for both and I have per-user bandwidth restrictions for the guest SSID. I now need a way to direct guests to the guest SSID and employees to the business SSID via RADIUS. All I need is a simple attribute or identifier so RADIUS knows which SSID the user is trying to connect and can then deny or allow access. I connected to both and checked the RADIUS logs but there is no way to tell which SSID I connected to in the logs.
12-19-2007 02:34 AM
Not sure if this is what you are really looking for but have a look at the following URL, there are lot's of options but it should give you some ideas
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
It is geared towards LWAP's but I have done the same with autonomous ones.
Hope this helps .. Chris
12-20-2007 03:12 PM
Do u use an ACS?
If yes, simply configure the group of the users NAR.
AAA client-2811 IP address
Port-*
CLI-*
DNIS-*business (or guest)
This will not "redirect" the users to the right SSID but will permit/deny the user access to the WLAN based on the SSID they're trying to associate with.
Another way to do it is to actually define two profiles with different AAA but same SSID.
Example SSID = ACME Profile Business AAA=WPA2
SSID= ACME Profile Guest AAA=none (web auth etc)
Then you can restrict access based on the profile (apply ACL etc)
This doc might help
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide