Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
3
Replies

4402 Guest Access Issues

charlesdf22
Level 1
Level 1

‎02-05-2007 05:44 AM - edited ‎07-03-2021 01:34 PM

We currently have a 4402 Controller with several AP's configured and working great. We have 2 SSID's mapped to 2 different VLAN's as well. 1 SSID is for Internal use and has EAP-FAST, ACS Auth, etc configure. The Guest SSID is using the local net usernames as expected, however, it is also using the ACS server as well. We would prefer to prevent internal employees from even being able to authenticate to the Guest SSID. Any ideas?

Labels:
0 Helpful
3 Replies 3

Richard Atkin
Level 4
Level 4

‎02-07-2007 03:19 PM

ACS can impose rules on groups, simply set your Staff groups allowed NDIS value to "*ESSID" (for example) and that should do the trick. It's important to put the * infront of your ESSID name.

HTH,

Rich A

0 Helpful

charlesdf22
Level 1
Level 1
In response to Richard Atkin

‎02-13-2007 02:19 PM

This doesn't seem to do it for me.

Here's what I have on the ACS Server for the Default Group:

Define IP-based access restrictions (checked)

Denied Calling/ Point of Access Locations

NDG:TACACS (For our switches/ routers

Port: *

Address *

Define CLI/DNIS-baswed access restrictions

Permitted Calling/ Point of Access Locations

Controller

Port: *

CLI: *

DNIS: *Internal

Thanks in advance

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card