I would like to seek for your expertise to solve my question.
I have 1x WISM with Few lightweight AP, now i configure 3 SSID which all bind to one AP group in the WISM.
Each SSID has different AP interface(VLAN ID), and all SSID is using layer 3 security - Web Authetication via the Cisco Secure ACS-SE Internal Database. Inside the ACS-SE, it has 3 group - Student, Staff, and Guest which same with WISM SSID.
My objective is to make sure each SSID user only authenticate to cisco secure ACS-SE specific "group local database"(not sure right term or not), to avoid authorization issue For example - student/Guest intent to use the "staff SSID" then authetication success and gain the more right(due to same local database).
1. How to bind the specific SSID to Cisco Secure ACS-SE Group, and authenticate the user only which using the specific group database ? It is possible ?? Otherwise, it look like have to implement one more ACS to achieve the objetive.
2. The reason to do that is allowed different user get own privilege without step over own line, or in other word - Get the specific IP address via DHCP Server. Then I can control user based on the IP address.
3. Any other way to achieve getting different network address with using Layer 3 Security - Web authication via 1 Cisco secure ACS-SE.
Appreciate your kindly Guide. (^_^)