Step 1: Integrate ACS into the domain, and choose the groups that will be using
Step 2: Add the access point as a network access device, and define the RADIUS shared secret (which, obviously, has to be the same as the one defined in your AP configuration).
Note: In this case we have set the AP device type to autonomous_AP, as we will be using this criterion in the service selection (see below).
Step 3: After that, we need to create an authorization profile that will assign VLAN 91:
Step 4: Now, I have to create an access service with my AD as identity source, and with an authorization rule that will apply the profile I created in the previous step for all users belonging to the AD group Corp2.
Note: To see the AD1:ExternalGroups condition field, you need to click on Customize first.
Note 2: Make sure that the default rule is Permit Access, or any other authorization profile that will allow access.
Step 5: The next and final step for ACS configuration is to direct all RADIUS requests coming from my AP to my Access Service:
We can check that everything is fine using show dot11 assoc all. This is the output when I log in as bastien:
ap#sh dot11 associations all-client
Address : 0011.95ca.e82d Name : NONE
IP Address : 192.168.90.61 Interface : Dot11Radio 0
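What the Step 3 authorization profile amounts to on the wire, and how the Step 2 shared secret protects it, as an added example that is not part of the original post. It assumes the profile uses the standard RFC 3580 tunnel attributes and a numeric VLAN ID; the secret, Request Authenticator and function names are constructed for illustration.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 64, 65, 81   # RFC 2868 attribute numbers
VLAN, IEEE_802 = 13, 6                                     # RFC 3580 values

def tagged_int(attr_type, value, tag=0):
    # Type, Length=6, Tag, 3-byte value
    return struct.pack("!BBB3s", attr_type, 6, tag, value.to_bytes(3, "big"))

def build_accept(ident, request_auth, secret, vlan):
    """Constructed Access-Accept, standing in for what the RADIUS server sends."""
    vid = str(vlan).encode()
    attrs = (tagged_int(TUNNEL_TYPE, VLAN) + tagged_int(TUNNEL_MEDIUM, IEEE_802)
             + bytes([TUNNEL_GROUP_ID, 3 + len(vid), 0]) + vid)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def assigned_vlan(packet, request_auth, secret):
    """Verify the reply with the shared secret, then return the VLAN it assigns."""
    if len(packet) < 20:
        raise ValueError("truncated RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch: secret differs or reply was altered")
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if int.from_bytes(found.get(TUNNEL_TYPE, b"")[1:], "big") != VLAN:
        raise ValueError("Tunnel-Type is not VLAN")
    if int.from_bytes(found.get(TUNNEL_MEDIUM, b"")[1:], "big") != IEEE_802:
        raise ValueError("Tunnel-Medium-Type is not IEEE-802")
    group = found.get(TUNNEL_GROUP_ID, b"")
    if group[:1] and group[0] <= 0x1F:      # optional leading tag byte
        group = group[1:]
    if not group.isdigit():                 # assumption: VLAN given as a number
        raise ValueError("Tunnel-Private-Group-ID missing or not a VLAN number")
    return int(group)

SECRET = b"constructed-secret"      # constructed; stands for the Step 2 shared secret
REQUEST_AUTH = bytes(range(16))     # constructed Request Authenticator
if __name__ == "__main__":
    print(assigned_vlan(build_accept(7, REQUEST_AUTH, SECRET, 91), REQUEST_AUTH, SECRET))
```

A mismatch between the secret on ACS and the one on the AP shows up here as the authenticator error, before any VLAN attribute is considered.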