ACS SSID Restrictions

infosateng · ‎11-20-2009

Hello

I'm testing Authentication using Certificates on a Wireless 1121 AP which I have setup and works fine. I now want to restrict access to certain SSIDs to specific Groups in ACS. I've added a CLI/NDIS- based access restriction, but if I use a permit on a spectific SSID, I cannot connect on any SSIDs. But if I deny a specific SSID it permits all SSIDs. I have setup the following on ACS. I'm using ACS 4.2.

AAA Client: WAP-1100-5

Port: *

CLI: *

NDIS: *Engineering-Test

Engineering-Test is the SSID on the WAP.

Thanks

Jatin Katyal · ‎11-21-2009

Hi,

The way you configured NAR is absolutely correct. This is the only way we can confiure NAR to restrict WLAN access based on SSID. I would suggest you to remove the NAR settings and reconfigure it.

Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS Configuration Example

http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

NAR white paper

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

If the above suggestion doesn't work, please get the pcakage.cab file from the ACs with logging set to full. we need to check the auth.log and RDS.log


HTH

JK

~Jatin

infosateng · ‎11-23-2009

Hello

Do I need a Controller to get this to work, as I only have a 1121 AP and ACS 4.2. If so, is there another way I can restrict a specific SSID to a Specific Radius Group.

Thanks