Cisco Support Community

Cisco Employee

Mapping SSID with authentication protocol

Hi Team,

My customer wants to have a mapping of WLAN SSIDs to different authentication protocols, as shown below.

1: EMP-M for MSCHAP

2: EMP-G for PEAP GTC

3: EMP-T for TLS

For example, EMP-M SSID users should connect only with PEAP (MSCHAPv2) and not with other methods like PEAP-GTC/EAP-TLS.

The customer currently has a WLC 5508 and is using ISE for AAA. Any tips on how we can meet the above requirement through the WLC?

Regards

Sankar

4 REPLIES

Re: Mapping SSID with authentication protocol

Hi,

Not through the WLC, but through the AAA server. It can be done with ACS 5.x, but I have no experience with ISE to tell, but I think it is possible.

You can ask in security AAA forums.

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
Hall of Fame Super Silver

Mapping SSID with authentication protocol

Simple... if you want to have 3 SSIDs, you create a new SSID and name the profile EMP-M and set the SSID to EMP-M. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x. Create your second WLAN and name the profile EMP-G and set the SSID to EMP-G. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x. Create your third SSID and name the profile EMP-T and set the SSID to EMP-T. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x.

The lookup of which users belong to or can authenticate with which authentication protocol is defined in your ISE. Your WLC will be an AAA client in ISE, and you will define the ISE as a RADIUS server and point each of the WLANs to use ISE for RADIUS. In your ISE policy, in order to differentiate the different SSIDs, you will need to have three different policies and use the following to specify only from this SSID:

.*EMP-M

.*EMP-G

.*EMP-T

Hope this helps.... now you just have to figure out your various ISE policies.

-Scott
*** Please rate helpful posts ***
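
The per-SSID selection described in the reply above, modelled as an added example (not code from the thread and not ISE's own policy engine): each request is matched against the three patterns and accepted only if it uses that SSID's EAP method. It assumes the WLC sends the RADIUS Called-Station-Id as `AP-MAC:SSID` and that the match is a whole-string regex match; the `decide` function, both policy tables and the sample requests are constructed for illustration.

```python
import re

# Patterns from the reply; method names follow the original question.
POLICIES = [
    (r".*EMP-M", "PEAP-MSCHAPv2"),
    (r".*EMP-G", "PEAP-GTC"),
    (r".*EMP-T", "EAP-TLS"),
]

# Tighter variant (assumption: value is "AP-MAC:SSID"): anchoring on the ':'
# separator keeps a look-alike SSID such as "TEMP-M" out of the EMP-M policy.
STRICT = [
    (r".*:EMP-M", "PEAP-MSCHAPv2"),
    (r".*:EMP-G", "PEAP-GTC"),
    (r".*:EMP-T", "EAP-TLS"),
]

def decide(called_station_id, eap_method, policies=POLICIES):
    """First matching policy wins; no match, or the wrong method, is a reject.

    Returns (decision, matched_pattern_or_None).
    """
    for pattern, allowed in policies:
        if re.fullmatch(pattern, called_station_id):
            decision = "ACCEPT" if eap_method == allowed else "REJECT"
            return decision, pattern
    return "REJECT", None

if __name__ == "__main__":
    # Constructed sample requests: (Called-Station-Id, EAP method offered).
    samples = [
        ("00-1a-2b-3c-4d-5e:EMP-M", "PEAP-MSCHAPv2"),
        ("00-1a-2b-3c-4d-5e:EMP-M", "EAP-TLS"),
        ("00-1a-2b-3c-4d-5e:EMP-T", "EAP-TLS"),
        ("00-1a-2b-3c-4d-5e:TEMP-M", "PEAP-MSCHAPv2"),
        ("00-1a-2b-3c-4d-5e:GUEST", "PEAP-MSCHAPv2"),
    ]
    for csid, method in samples:
        loose = decide(csid, method)
        strict = decide(csid, method, STRICT)
        print(f"{csid:28} {method:14} loose={loose} strict={strict}")
```
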
Cisco Employee

Mapping SSID with authentication protocol

Thanks, Scott, for your valuable input.

How can we map the SSID in the ISE policy? Any pointers to a link or configuration example will be helpful.

Hall of Fame Super Silver

Mapping SSID with authentication protocol

You first need to understand what you want to do, which includes whether you want to profile, posture, etc. That is where you have to understand what you can do and what you want to do. If it's basic, take a look at this video, and then when you create your policies, you can specify the .*SSID to differentiate the SSIDs; of course, you will have three policies just for the wireless.

https://supportforums.cisco.com/videos/2480

-Scott
*** Please rate helpful posts ***