11-20-2009 11:00 AM - edited 03-10-2019 04:48 PM
Hello
I'm testing Authentication using Certificates on a Wireless 1121 AP which I have setup and works fine. I now want to restrict access to certain SSIDs to specific Groups in ACS. I've added a CLI/NDIS- based access restriction, but if I use a permit on a spectific SSID, I cannot connect on any SSIDs. But if I deny a specific SSID it permits all SSIDs. I have setup the following on ACS. I'm using ACS 4.2.
AAA Client: WAP-1100-5
Port: *
CLI: *
NDIS: *Engineering-Test
Engineering-Test is the SSID on the WAP.
Thanks
11-21-2009 07:45 AM
Hi,
The way you configured NAR is absolutely correct. This is the only way we can confiure NAR to restrict WLAN access based on SSID. I would suggest you to remove the NAR settings and reconfigure it.
Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS Configuration Example
http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
NAR white paper
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
If the above suggestion doesn't work, please get the pcakage.cab file from the ACs with logging set to full. we need to check the auth.log and RDS.log
HTH
JK
11-23-2009 08:38 AM
Hello
Do I need a Controller to get this to work, as I only have a 1121 AP and ACS 4.2. If so, is there another way I can restrict a specific SSID to a Specific Radius Group.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: