Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Single SSID - two acls

Hey guys,

I have a question here.  I am setting up a Cisco 5508 wireless controller and was looking for some feedback or assistance.  Basically I already have my guest SSID configured and functioning.  Created an interface group containing my vlans and applied the created ACL "Guest Policy - internet only", which is also working.

I want to setup a second SSID called "staffstudent" and use RADIUS for authentication.  I have already created two separate network policies on the radius server: staff and student.  Each only allows certain user groups.  I want to be able to differentiate on the controller side which profile they are logging in on and then apply the correct ACL.  I have two currently configured:  one for staff and one for student.  It appears to me that since you have to apply the ACL at the interface level I cannot use both since my interface is accepting both staff and students. 

Is there a way I can filter them using RADIUS so that when they login RADIUS can return a "student" value and then apply the correct ACL?  Same for staff?


  • Getting Started with Wireless
Everyone's tags (5)

Single SSID - two acls

You can use AAA Override in the WLAN and have the ACL applied per user.


Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Single SSID - two acls

That does seem to be what I am looking for but I am using the windows 2008 NPS instead of Cisco.  Any idea of what attribute I should be sending with my two configured groups from the NPS?

This widget could not be displayed.