Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco avpair SSID and WLC


I'd like to differenciate users sharing the same ldap directory and radius authentication.

For example, if I have a student and a teacher, i'd like to be sure that the student will stay on its vlans and so on.

I can do this by using vlan attributes and aaa override but if I do that, I will have for example a student connected to the teacher SSID but on the student vlan. It's not a pretty situation...

I read that we can use an cisco avpair attribute to force users to connect only on their SSID but it doesn't seem to work with controller.

Is anybody have a solution for my case?



Re: Cisco avpair SSID and WLC

I've used av-pair on the WLC for Web Splash Page, but not ssid restrictions.

I did however find this documentation:

It refers to configuing a NAR (Network Access Restriction) in ACS which makes it sound like you can limit a user to a specific SSID.

New Member

Re: Cisco avpair SSID and WLC

Thanks for your reply.

So, regarding this document, the WLC include by default an information concerning the SSID on its access-request to a radius server, right?


Re: Cisco avpair SSID and WLC

Correct. The access-request would include the SSID in the access-requests. If the SSID is not one of the ones specified in the DNIS the Radius server would reject the request.

New Member

Re: Cisco avpair SSID and WLC


let me piggy back your thread. I have the same issue but I am not using WLC instead I am using "Autonomous AP". I believe by default it will not send ssid in authentication request.

How can I achieve the same result in autonomous ap?

Could you please help.

Thanks in advance.