Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSID restrictions and Radius

Hello

I'm testing Authentication using Certificates on a Wireless 1121 AP which I have setup and works fine.  I now want to restrict access to certain SSIDs to specific Groups in ACS.  I've added a CLI/NDIS- based access restriction, but if I use a permit on a spectific SSID, I cannot connect on any SSIDs.  But if I deny a specific SSID it permits all SSIDs.  I'm using ACS 4.2., and have setup the following on ACS.

AAA Client: WAP-1100-5

Port: *

CLI: *

NDIS: *Engineering-Test

Engineering-Test is the SSID on the WAP.

Thanks

4 REPLIES
Gold

Re: SSID restrictions and Radius

Do you have AAA Override enabled under the WLANs on the controller?

New Member

Re: SSID restrictions and Radius

Hello

I don't have a controller, I only have a 1121 AP and ACS 4.2.  Do I need a Controller to get this to work?  If so, is there another way I can restrict ACS Groups to a specific SSID.

Gold

Re: SSID restrictions and Radius

You could just use dynamic VLAN assignments.  Won't stop the client from being able to associate to different SSID's but will make sure he is always put into the same VLAN regardless of which SSID he authenticates to.

New Member

Re: SSID restrictions and Radius

Hello

if this allows me to put a client into a specific VLAN and I don't need a Controller that would be perfect.

525
Views
0
Helpful
4
Replies