Cisco avpair SSID and WLC

Unanswered Question
Jul 22nd, 2009
User Badges:

Hi!

I'd like to differenciate users sharing the same ldap directory and radius authentication.

For example, if I have a student and a teacher, i'd like to be sure that the student will stay on its vlans and so on.

I can do this by using vlan attributes and aaa override but if I do that, I will have for example a student connected to the teacher SSID but on the student vlan. It's not a pretty situation...

I read that we can use an cisco avpair attribute to force users to connect only on their SSID but it doesn't seem to work with controller.

Is anybody have a solution for my case?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
weterry Wed, 07/22/2009 - 18:59
User Badges:
  • Silver, 250 points or more

I've used av-pair on the WLC for Web Splash Page, but not ssid restrictions.


I did however find this documentation: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml


It refers to configuing a NAR (Network Access Restriction) in ACS which makes it sound like you can limit a user to a specific SSID.

angedibartolo Wed, 07/22/2009 - 23:07
User Badges:

Thanks for your reply.

So, regarding this document, the WLC include by default an information concerning the SSID on its access-request to a radius server, right?

dancampb Thu, 07/23/2009 - 04:38
User Badges:
  • Cisco Employee,

Correct. The access-request would include the SSID in the access-requests. If the SSID is not one of the ones specified in the DNIS the Radius server would reject the request.

kyawzawhtut Thu, 07/23/2009 - 04:53
User Badges:

Hi


let me piggy back your thread. I have the same issue but I am not using WLC instead I am using "Autonomous AP". I believe by default it will not send ssid in authentication request.


How can I achieve the same result in autonomous ap?


Could you please help.


Thanks in advance.


Regards

Joe

Actions

This Discussion

 

 

Trending Topics - Security & Network