Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

4402 Guest Access Issues

We currently have a 4402 Controller with several AP's configured and working great. We have 2 SSID's mapped to 2 different VLAN's as well. 1 SSID is for Internal use and has EAP-FAST, ACS Auth, etc configure. The Guest SSID is using the local net usernames as expected, however, it is also using the ACS server as well. We would prefer to prevent internal employees from even being able to authenticate to the Guest SSID. Any ideas?


Re: 4402 Guest Access Issues

ACS can impose rules on groups, simply set your Staff groups allowed NDIS value to "*ESSID" (for example) and that should do the trick. It's important to put the * infront of your ESSID name.


Rich A

New Member

Re: 4402 Guest Access Issues

This doesn't seem to do it for me.

Here's what I have on the ACS Server for the Default Group:

Define IP-based access restrictions (checked)

Denied Calling/ Point of Access Locations

NDG:TACACS (For our switches/ routers

Port: *

Address *

Define CLI/DNIS-baswed access restrictions

Permitted Calling/ Point of Access Locations


Port: *

CLI: *

DNIS: *Internal

Thanks in advance

Cisco Employee

Re: 4402 Guest Access Issues