How to bind ACS users to only one SSID?

Unanswered Question
Jul 28th, 2009
User Badges:


I have ACS 4.2 and AP 1240. I`m use two SSID - guest and user. Guest ssid must use PEAP authentication, user ssid must use EAT-TLS authentication (acs user local database). All work correctly. But when i create user for EAP-TLS, i`m create with username of DN certificate and some password. And somebody can use DN as username and password for PEAP authentication for ssid Guest and ssid Users.

How can i make for ssid guest that work only PEAP authentication and for ssid work only EAP-TLS authentication?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
drolemc Mon, 08/03/2009 - 13:14
User Badges:
  • Silver, 250 points or more

The guest WLAN uses web authentication to authenticate users and the secure internal WLAN uses Extensible Authentication Protocol (EAP) authentication.

Layer 2 Security option at the default value 802.1x because EAP authentication is used for the internal WLAN users.

dancampb Tue, 08/04/2009 - 04:45
User Badges:
  • Cisco Employee,

Are you using autonomous or lightweight AP's? If you have a controller you could setup the Radius attributes to specify which WLAN the user can authenticate to.

Another option would be to setup dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN but after passing authentication they would be dumped into the VLAN you define.


This Discussion



Trending Topics - Security & Network