device authorisation on ACS

jain.nitin
Level 3

Hi All, Can anyone help me with device authentication on the ACS server? I have a Wi-Fi setup with some lightweight access points and a wireless controller (WiSM). Now I want to control device access so that PDAs have limited access to the network over wireless, whereas laptop users have unlimited access to the network. I have configured a single SSID and multiple VLANs with the help of ACS 4.1. I cannot configure another SSID on the controller. I also cannot configure different user IDs for PDA users; they want to use their Windows user ID on the laptop as well as on the PDA. So I don't have the option to control PDAs and laptops on a user ID or SSID basis. Is there any other way to control these devices on ACS or the wireless controller so that I can control the devices' access?

Thanks


Premdeep Banga
Level 7

Hi,

That is quite interesting....

What I can think of right now is to use NAP.

Filter the authentication request based on the MAC address, the Calling-Station-Id, that will come in the Access-Request.

PDAs (if of a particular manufacturer) will have some similarity in MAC address as compared to laptops.

Which you can filter based on the Advanced Filtering option.

And once that request comes under the defined NAP, go for RAC, and configure RADIUS attributes 64, 65 and 81, to make PDAs go into different VLANs as compared to laptops.

Logically it should work, if I understand this correctly :)

Worth a try.

Please share the results, if you decide to go for it.

Regards,

Prem

Hi Prem, Thanks for your reply. I just want to know whether you have a procedure for configuring it. Actually, I want to know how I can feed the MAC addresses into ACS for 1000+ devices... Can you explain it to me in depth?

Thanks

I can give you a hint; you have to test it.

Under NAP, under Profile Setup, make use of Advanced Filtering.

Calling station Id = xx:xx:xx*

Where xx:xx:xx is the vendor-specific MAC code that you can use to differentiate between laptops and PDAs. Then, using Authorization under NAP, configure attributes 64, 65 and 81.

Regards,

Prem
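
The decision logic suggested in the reply above, modelled in Python as an added example (not part of the original posts and not ACS configuration). The OUI prefixes, VLAN names and the handling of locally administered addresses are assumptions of this sketch; attribute values 13 (VLAN) and 6 (IEEE 802) are the standard ones for RADIUS VLAN assignment.

```python
import re

# Constructed sample values: replace with the vendor prefixes of your PDAs
# and the VLAN names defined on your controller.
PDA_OUIS = {"00:11:22", "00:AA:BB"}
PDA_VLAN = "pda-restricted"
LAPTOP_VLAN = "laptop-full"


def normalize_mac(calling_station_id):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or None if it is not a 48-bit MAC.

    A NAS may send Calling-Station-Id as 00-11-22-33-44-55, 0011.2233.4455,
    001122334455 or 00:11:22:33:44:55, so a plain string prefix filter only
    matches if it is written in the layout the NAS actually uses.
    """
    digits = re.sub(r"[-:.\s]", "", calling_station_id)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vlan_attributes(vlan):
    """RADIUS reply attributes 64, 65 and 81 for dynamic VLAN assignment."""
    return {
        "Tunnel-Type": 13,                # attribute 64: VLAN
        "Tunnel-Medium-Type": 6,          # attribute 65: IEEE 802
        "Tunnel-Private-Group-ID": vlan,  # attribute 81: VLAN name or ID
    }


def authorize(calling_station_id):
    """Pick the VLAN for an already authenticated user from the device MAC."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return None  # malformed value: no VLAN assignment is returned
    # A locally administered address (bit 0x02 of the first octet) carries
    # no vendor OUI. Assumption of this example: treat it as restricted.
    if int(mac[:2], 16) & 0x02:
        return vlan_attributes(PDA_VLAN)
    if mac[:8] in PDA_OUIS:
        return vlan_attributes(PDA_VLAN)
    return vlan_attributes(LAPTOP_VLAN)
```

Calling-Station-Id is whatever MAC the client presents, so this separates device classes for policy after user authentication and is not by itself proof of device identity.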

JAMES HARVEY
Level 4

Did you ever figure this out? We're trying to do precisely the same thing. (Without much luck)
