Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS Authentication


I’m doing a design around authentication for wireless LAN using the Cisco ACS 5.5 platform.


I’m trying to find answers to below but not having much luck. 


·         If there are two SSIDs setup on the wireless LAN network, one for internal corporate access (users connect with their corporate laptop) and one for external internet browsing (same user connect with his own smart phone - not Guest wifi). The user authenticate against the same ACS RADIUS server using Active Directory, will the user devices be able to log into either network or will the device only be able to connect to the SSID that they have been authenticated against ?

o   If the latter, is there a way to set the ACS up to authenticate a device against an SSID not allowing that device to connect to another SSID without being authenticated again ?


·         Can the ACS differentiate between users in different AD Groups or does it use the AD as a authentication source for user account only, without including any AD group policy information ?



·         What is Cisco’s best practice for integrating the AD with the ACS?

o   Is the implementation of a separate Windows server with an ACS agent that provides the integration with AD a valid supported option ?