01-10-2008 07:56 AM - last edited on 03-25-2019 05:24 PM by ciscomoderator
Hi There
Is it possible to "link" an SSID to a User Group in ACS 3.3?
If there are 10 User Groups (Active Directory) in ACS and there are 4 SSIDs, how can you prevent "Guest Users" from User Group 100 from connecting to a non-Guest user SSID? The Guest User group IS a valid group. If there is no match with the "production group", but there is a match with the Guest Group, the guest users can log in to the production SSID. Isn't that so?
Gr.
Remco
01-10-2008 11:22 AM
Hi Remco
Yes, you can do this. You can either assign the user to a specific VLAN with RADIUS or you can assign a user to a specific SSID with RADIUS.
I'm assuming that you have ACS configured to authenticate against AD.
Have a read of this link. At the end it gives configuration examples of how to set up per-user SSID assignment.
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
HTH
Jon
01-11-2008 07:43 AM
Hi Jon
I don't think that this is the solution. Maybe you do not understand what my problem is. I'll try to explain it in another way.
There are two SSIDs. 1=Production, 2=Guest
VLAN assignment on 4400 controller is done by the ACS RADIUS Server
John is member of Production AD Group, Peter is member of Guest AD Group.
When Peter configures the "Production" SSID, he has to authenticate... ACS can see that he belongs just to Group "Guests" and places Peter in VLAN Guest. Right now Peter is connected to SSID Production, but in VLAN Guest...
And another problem: What will happen when a user can connect to two different SSIDs (Production and Test) with the same username? I think that the first match will always place the user in the VLAN corresponding to the first group... Isn't that so?
Remco