topic You could use "Airespace in Network Access Control

WLAN's & Active Directory Groups

Aileron88 — Mon, 11 Mar 2019 07:53:20 GMT

Hi all,

I'm looking for a way to authenticate users to different WLAN's using Active Directory. I currently have a single WLAN that users connect to and authenticate using their AD credentials. What I want to do is stand up a new, more tied down WLAN that a subset of these users can also connect to.

What is the best way to achieve this?

Many thanks

You could use "Airespace

agrissimanis — Wed, 26 Jul 2017 13:00:51 GMT

You could use "Airespace:Airespace-Wlan-Id EQUALS <YOUR WLAN ID FROM WLC>" condition to catch the specific WLAN and then "MYDOMAIN:ExternalGroups EQUALS mydomain.com/<SOME SPECIAL AD GROUP>" to allow only that particular AD group.

You just need to keep in mind that if you have this new rule above the existing rule for the other WLAN, you will still allow all AD users to access your restricted WLAN, because there are no conditions that restrict the original rule.