Thank you for your reply. My mistake, I didn't explain the requested portions. I am using a WiSM blade, and the APs are LWAPP APs. I am just using the WLC splash screen. I just need to block the AD users from using the web access.
I've implemented this on my current project, but run into a bit of a hitch: My guest users are correctly blocked from connecting to the internal SSID; however, my internal users are NOT being blocked from using the guest SSID. I suspect this may be because the guest SSID does not use 802.1X, and the guide seems to imply that 802.1X is a mandatory part of this config.
Under IOS, it was possible to set up Radius VSAs in ACS which would let you use Cisco AV-Pairs to limit the permissible SSIDs per group or user, as per this document:
This is a well-known and documented bug that was allowed to stay in as a feature. To stop your internal people from connecting, go to the WiSM GUI to controller. Under the Web RADIUS Authentication, select a method not currently configured on your RADIUS server. In most cases MD5-CHAP is not installed on a RADIUS. This will cause the client to fail. The process for authentication flows like this: the first attempt to resolve the username and password is against the internal database on the controller, and the second attempt is against the RADIUS configured on the management interface.
Really appreciate the information you have posted; I will check on the information after reading your link. Please update me once you have closed the TAC case. At least I will have a clear picture of this issue.