Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

IAS matching wrong policy

The IAS policy to authenticate users (we have one for VPN and another for wireless), will stop at the first policy that matches the user to the group even though the NAS port type is set to IEEE 802.11. Users were telling me that if they were removed from the group that granted VPN access, then they could hit wireless (but then not be able to get on VPN).

 

Anyone experienced this?

2 REPLIES
Bronze

Re: IAS matching wrong policy

Edit the properties of the Controller Remote Access Policy. Make sure to add the NAS-Port Type - Wireless - IEEE 802.11

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008082d5b5.shtml

Hall of Fame Super Silver

Re: IAS matching wrong policy

You should also specify the NAS IP Address for each of your policy. This way the policy will match the mangement ip address of the readius client.

-Scott
*** Please rate helpful posts ***
172
Views
0
Helpful
2
Replies
CreatePlease login to create content