I’m doing a design around authentication for wireless LAN using the Cisco ACS 5.5 platform.
I’m trying to find answers to the questions below but am not having much luck.
- If there are two SSIDs set up on the wireless LAN network, one for internal corporate access (users connect with their corporate laptop) and one for external internet browsing (the same user connects with his own smartphone - not Guest wifi), and the user authenticates against the same ACS RADIUS server using Active Directory, will the user's devices be able to log into either network, or will a device only be able to connect to the SSID that it has been authenticated against?
  - If the latter, is there a way to set the ACS up to authenticate a device against an SSID, not allowing that device to connect to another SSID without being authenticated again?
- Can the ACS differentiate between users in different AD groups, or does it use the AD as an authentication source for user accounts only, without including any AD group policy information?
- What is Cisco’s best practice for integrating the AD with the ACS?
  - Is the implementation of a separate Windows server with an ACS agent that provides the integration with AD a valid supported option?