Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

AP with EAP and managment control through ACS

I have deployed a number of wireless networks with EAP authenticated through the users domain account details passed to ACS 4.1. This appears to work fine, but I have two questions regarding control of access.

1. I have configured RADIUS for the EAP and then added TACACS+ for the management access of the AP. Although going back to the same ACS server with different protocols I am unable to get the managment access control to work if both are active? Should this work?

2. How do I control which VLAN / SSID a user has access to? it seems as though there is no way to limit them to a specific SSID (other than not telling them it) If the users have a guess at the SSID then the possibility is that they can access a LAN they should not.

Any help would be very greatfully received.

Community Member

Re: AP with EAP and managment control through ACS

Hi ihill,

in answer to your second question there is a couple of ways that you can do this depending on the amount of control you have over your clients.

You could use dynamic VLAN assignment:

You could use Active Directory wirelss group policy to define prefered wirless networks for your clients

Or you could use a 3rd party supplicant like the Juniper Network's Odyssey Access Client

hope this helps


*pls rate all useful posts

CreatePlease to create content