In a WLAN environment that has 2 WLCs, lots of LAPs and clients authenticating with an ACS which has an Active Directory configured as an external database, I would like to know how I can limit the EAP methods per group or SSID in the ACS.
For example: one SSID can only use PEAP-MSCHAPv2 and the other SSID can only use EAP-TLS.
ipaddr           Sets Call Station Id Type to the system's IP Address
macaddr          Sets Call Station Id Type to the system's MAC Address
ap-macaddr       Sets Call Station Id Type to the AP's MAC Address
ap-macaddr-ssid  Sets Call Station Id Type to the format :
The solutions in this thread are great; I thought I would add one more. You can also accomplish this with CLI/DNIS Network Access Restrictions in ACS 4.2 with the : Calling-Station-ID configuration (which I believe is default on the WLCs):
-AAA Client would be set to your WLC NDG or IP
-Port would be set to *
-CLI would be set to *
-DNIS would be set to *
You can use a permit or deny based on what you are trying to accomplish.