ACS only allow 7921G phones on a certain SSID - block others

Unanswered Question
Feb 29th, 2008
User Badges:

Hello, we have just deployed an SSID of hVoIP and applied CAC and QoS. It works well. We have a "data" SSID of DATA.

Is there a way to only allow the Cisco wireless phones to authnticate to this SSID and block, say laptops or other WiFi phones, from authenticating. We don't want people to connect their laptops to this network to get their data prioritized and ruin the network for the calls.

We have LWAPP AP's, WiSM's, and ACS 4.1.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Richard Atkin Sun, 03/02/2008 - 09:32
User Badges:
  • Silver, 250 points or more

Couple of ways you can do this...

First, just have one SSID, and assign users to VLANs and give them ACL / QoS / CoS settings dynamically. This can be done in ACS using the airespace attributes, and enabling "Allow AAA Override" on the WLAN in the WLC.

Second, in your ACS Groups, you can specify which SSIDs a user is allowed to come from, this is done (from memory) using the NDIS settings. With this method, you go to the groups that your data users come from, and specify that they can only connect from the "data" ssid, and same again for the phones.

HTH, plenty of docs on CCO about this...



netwrkgod Mon, 03/03/2008 - 05:02
User Badges:

What if the user uses the same username/password for logging into their laptop as they do for the phone?


This Discussion



Trending Topics - Security & Network