Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple SSIDs and NPS

I have a WLC setup with one ssid (ssid A) using Web auth tied back to NPS with the requirement be that you have to be in the domain users group to authenticate.  It works fine.  I have SSID B setup using eap-tls with the requirement of the pc having to be in the domain computers group.  This work as a new user can login to the pc without having ever logging into it before.  When I try and take my person pc and join ssid b it get an error as expected.  But if I take my android phone and tell it to accept any certificate unspecified it will be allowed to join and i think its because it may be failing against the first match which may be the domain users requirement but matching on the domain users group requirement.  It seems that the fail through is the issue.

Everyone's tags (4)
Hall of Fame Super Silver

Re: Multiple SSIDs and NPS

You need to see how devices are passing via NPS. With webauth, it should only allow username and password and EAP-TLS should only allow machine. So when you create your NPS policy, webauth should point to only the OU and EAP-TLS should point to your domain computer OU.

Move SSID B before the SSID A policy. You can also add a called station id for the EAP-TLS SSID using something like:


The dot is a wildcard for the Mac address.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
CreatePlease to create content