Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to bind ACS users to only one SSID?


I have ACS 4.2 and AP 1240. I`m use two SSID - guest and user. Guest ssid must use PEAP authentication, user ssid must use EAT-TLS authentication (acs user local database). All work correctly. But when i create user for EAP-TLS, i`m create with username of DN certificate and some password. And somebody can use DN as username and password for PEAP authentication for ssid Guest and ssid Users.

How can i make for ssid guest that work only PEAP authentication and for ssid work only EAP-TLS authentication?


Re: How to bind ACS users to only one SSID?

The guest WLAN uses web authentication to authenticate users and the secure internal WLAN uses Extensible Authentication Protocol (EAP) authentication.

Layer 2 Security option at the default value 802.1x because EAP authentication is used for the internal WLAN users.


Re: How to bind ACS users to only one SSID?

Are you using autonomous or lightweight AP's? If you have a controller you could setup the Radius attributes to specify which WLAN the user can authenticate to.

Another option would be to setup dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN but after passing authentication they would be dumped into the VLAN you define.

CreatePlease login to create content