Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1359
Views
0
Helpful
5
Replies

Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS Configurat

Dave Anthony David
Level 1
Level 1

‎10-07-2007 04:29 AM - edited ‎07-03-2021 02:43 PM

Hi there,

Is there any solution to restrict wlan based access based on ssid using layer 3 (web authentication)?

sample in this link: http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

uses only layer 2.

Labels:
0 Helpful
5 Replies 5

Rob Huffman
Hall of Fame
Hall of Fame

‎10-08-2007 07:58 AM

Hi Dave,

I couldn't find the link you provided :(

Have a look at this example, it sounds like what you are looking for;

Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Hope this helps!

Rob

0 Helpful

Dave Anthony David
Level 1
Level 1
In response to Rob Huffman

‎10-09-2007 03:49 AM

Hi Rob,

This is the link:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

Examples here are working in Layer 2 authentication method, but I need a solution in Layer 3 authentication method like Web Authentication.

0 Helpful

wireless wlc
Level 1
Level 1
In response to Dave Anthony David

‎08-09-2012 07:02 AM

hi David, 

  Did you manage to find a solution for this ? I have a similar requirement for using DNIS filtering for webauthentication and it doesnt seem to work.

regards

Joe

0 Helpful

Amjad Abdullah
VIP Alumni
VIP Alumni
In response to wireless wlc

‎08-09-2012 11:07 AM

Joe:

With webauth it does not work by default because the wlc does not send the ssid name in called-station-id attribute.

You need to configure

he wlc to send the ssid along with the ap mac address n that attribute.

Use this command on wlc cli:

config radius callStationIdType {ip_address, mac_address, ap_mac_address, ap_macaddr_ssid}

Use the last option: ap_macaddr_ssid

Hope this helps.

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎08-09-2012 07:18 AM

It sounds like you are looking for NAR.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card