https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643538#M11101 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>There is a doc on CCO explaining how to restrict access to a SSID based on the user.</P><P></P><P>Have a look at <A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml" target="_blank">http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml</A></P><P></P><P>Rgds,</P><P>Gaetan</P></BODY></HTML> Wed, 28 Feb 2007 09:53:58 GMT claeysg 2007-02-28T09:53:58Z https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643534#M11097 <P>Hi,</P><P></P><P>A have the following scenario:</P><P></P><P>5 vlans configured on my AP, 3 of them use PEAP to authenticate users (not computers), I'm using ACS 3.3.3 connected to my Active Directory.</P><P></P><P>The thing is, How can I filter access from one SSID to another if I am using PEAP in those 3 SSIDs?</P><P></P><P>Let me explain the scenario:</P><P></P><P>I have one SSDI for Students (PEAP), other for Employees (Also PEAP) and the last one for IT (PEAP again)</P><P></P><P>How can I prevent a student from jumping to one SSID to another? Is there a Way to use some kind of key in addition to the domain username and password? How can I configure ACS to realise from wich SSID the user is trying to connect?</P><P></P><P>I anyone have an Idea, please help me!</P><P></P><P>Thank you guys, I will post my AP config so you can understand what I am talking about.</P><P></P><P></P><P> </P><P></P> Sat, 03 Jul 2021 20:29:42 GMT https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643534#M11097 carlosmadriz 2021-07-03T20:29:42Z https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643535#M11098 <HTML><HEAD></HEAD><BODY><P> think you are referring to filter access between different vlans. If I am right, you can do this at the router level. To enable or disable routing between 2 vlans, router needs to be configured above the AP. Here, to filtter between these 3 vlans, donot configure the router with networks from all three vlans. This ensures that router doesn't have a route to reach other vlan and hence inter-vlan communication is filtered. </P><P></P><P>Is this the one you were expecting?. On the AP, if you want, you can create ACL to deny traffic to the subnets associated with those vlan.</P></BODY></HTML> Tue, 23 Jan 2007 19:42:06 GMT https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643535#M11098 umedryk 2007-01-23T19:42:06Z https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643536#M11099 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I'm having similar problems in my deployment. Students wlan only has captive portal, no wireless encryption, while employees and IT wlan are protected with EAP-PEAP / WPA1 / TKIP.</P><P></P><P>Since I don't have PKI deployed (server certs aren't validated in the wireless clients), if a student associates with employees wlan and enter his credentials, he will gain acces to employees wlan, because the RADIUS database stores all users and passwords.</P><P></P><P>Is there any RADIUS attributes I can use to discern which user is trying to get access to the network?</P><P></P><P>I.e. a tunnel-ID attribute associated with access-request packet, so RADIUS can check that attribute matches proper user-password pair.</P><P></P><P>thanks in advance,</P><P></P><P>Ignacio Siles</P></BODY></HTML> Wed, 14 Feb 2007 09:44:20 GMT https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643536#M11099 chorl0232 2007-02-14T09:44:20Z https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643537#M11100 <HTML><HEAD></HEAD><BODY><P>Hello again,</P><P></P><P>I forgot to mention I have three WLC 4402, if this information is needed to specify the RADIUS attributes provided by cisco WLC.</P></BODY></HTML> Wed, 14 Feb 2007 10:06:53 GMT https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643537#M11100 chorl0232 2007-02-14T10:06:53Z https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643538#M11101 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>There is a doc on CCO explaining how to restrict access to a SSID based on the user.</P><P></P><P>Have a look at <A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml" target="_blank">http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml</A></P><P></P><P>Rgds,</P><P>Gaetan</P></BODY></HTML> Wed, 28 Feb 2007 09:53:58 GMT https://community.cisco.com/t5/wireless/filtering-muliple-eap-authenticated-vlan/m-p/643538#M11101 claeysg 2007-02-28T09:53:58Z