I'm testing Authentication using Certificates on a Wireless 1121 AP which I have setup and works fine. I now want to restrict access to certain SSIDs to specific Groups in ACS. I've added a CLI/NDIS- based access restriction, but if I use a permit on a spectific SSID, I cannot connect on any SSIDs. But if I deny a specific SSID it permits all SSIDs. I'm using ACS 4.2., and have setup the following on ACS.
You could just use dynamic VLAN assignments. Won't stop the client from being able to associate to different SSID's but will make sure he is always put into the same VLAN regardless of which SSID he authenticates to.