Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
2
Replies

How to restrict guests to guest WLAN using RADIUS

mvoss
Level 1
Level 1

‎12-07-2007 07:52 AM - edited ‎07-03-2021 03:04 PM

Using 2811 with integrated WLCM

I have 2 SSIDs, business and guest. The business is only for employees and guest is for everyone else. MAC filtering is in place for both and I have per-user bandwidth restrictions for the guest SSID. I now need a way to direct guests to the guest SSID and employees to the business SSID via RADIUS. All I need is a simple attribute or identifier so RADIUS knows which SSID the user is trying to connect and can then deny or allow access. I connected to both and checked the RADIUS logs but there is no way to tell which SSID I connected to in the logs.

Labels:
0 Helpful
2 Replies 2

davieschris
Level 1
Level 1

‎12-19-2007 02:34 AM

Not sure if this is what you are really looking for but have a look at the following URL, there are lot's of options but it should give you some ideas

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

It is geared towards LWAP's but I have done the same with autonomous ones.

Hope this helps .. Chris

0 Helpful

Mehdi_ab
Level 1
Level 1

‎12-20-2007 03:12 PM

Do u use an ACS?

If yes, simply configure the group of the users NAR.

AAA client-2811 IP address

Port-*

CLI-*

DNIS-*business (or guest)

This will not "redirect" the users to the right SSID but will permit/deny the user access to the WLAN based on the SSID they're trying to associate with.

Another way to do it is to actually define two profiles with different AAA but same SSID.

Example SSID = ACME Profile Business AAA=WPA2

SSID= ACME Profile Guest AAA=none (web auth etc)

Then you can restrict access based on the profile (apply ACL etc)

This doc might help

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card