Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to bind ACS users to only one SSID?

Hello!

I have ACS 4.2 and AP 1240. I`m use two SSID - guest and user. Guest ssid must use PEAP authentication, user ssid must use EAT-TLS authentication (acs user local database). All work correctly. But when i create user for EAP-TLS, i`m create with username of DN certificate and some password. And somebody can use DN as username and password for PEAP authentication for ssid Guest and ssid Users.

How can i make for ssid guest that work only PEAP authentication and for ssid work only EAP-TLS authentication?

2 REPLIES
Silver

Re: How to bind ACS users to only one SSID?

The guest WLAN uses web authentication to authenticate users and the secure internal WLAN uses Extensible Authentication Protocol (EAP) authentication.

Layer 2 Security option at the default value 802.1x because EAP authentication is used for the internal WLAN users.

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_different_security_options_on_a_Cisco_AP

Gold

Re: How to bind ACS users to only one SSID?

Are you using autonomous or lightweight AP's? If you have a controller you could setup the Radius attributes to specify which WLAN the user can authenticate to.

Another option would be to setup dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN but after passing authentication they would be dumped into the VLAN you define.

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html#wp1086421

197
Views
0
Helpful
2
Replies
CreatePlease login to create content