Cisco Support Community
Community Member

AP with EAP and management control through ACS

I have deployed a number of wireless networks with EAP authenticated through the users' domain account details passed to ACS 4.1. This appears to work fine, but I have two questions regarding control of access.

1. I have configured RADIUS for the EAP and then added TACACS+ for the management access of the AP. Although going back to the same ACS server with different protocols, I am unable to get the management access control to work if both are active? Should this work?

2. How do I control which VLAN / SSID a user has access to? It seems as though there is no way to limit them to a specific SSID (other than not telling them it). If the users have a guess at the SSID then the possibility is that they can access a LAN they should not.

Any help would be very gratefully received.

1 REPLY
Community Member

Re: AP with EAP and management control through ACS

Hi ihill,

In answer to your second question, there are a couple of ways that you can do this, depending on the amount of control you have over your clients.

You could use dynamic VLAN assignment:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

You could use Active Directory wireless group policy to define preferred wireless networks for your clients.

Or you could use a 3rd party supplicant like the Juniper Networks Odyssey Access Client:

http://www.juniper.net/products_and_services/aaa_and_802_1x/odyssey/odyssey_access_client/

Hope this helps

Mark

*pls rate all useful posts
