https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029541#M140375 <HTML><HEAD></HEAD><BODY><P>Simple... if you want to have 3 SSID's, your create a new SSID and name the profile EMP-M and set the SSID to EMP-M.&nbsp; Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x.&nbsp; Create your seconds WLAN and anme the profile EMP-G and set the SSID to EMP-G.&nbsp; Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x. Create your third SSID and name the profile EMP-T and set the SSID to EMP-T. Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x.</P><P></P><P>The lookup to what users belong or can authenticate to what authentication protocol is defined in your ISE.&nbsp; Your WLC will be a AAA client in ISE and you will define the ISE as a radius server and point each of the WLAN to use ISE for radius.&nbsp; Your ISE policy in order to differentiate the different SSID's, you will need to have three differnt policies and use the following to specifiy only from this SSID:</P><P></P><P>.*EMP-M</P><P>.*EMP-G</P><P>.*EMP-T</P><P></P><P>Hope this helps.... now you just have to figure out your vaious ISE policies.</P></BODY></HTML> Wed, 29 Aug 2012 11:59:33 GMT Scott Fella 2012-08-29T11:59:33Z https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029539#M140373 <P>Hi Team , </P><P></P><P>My customer wants to have mapping of WLAN SSID with&nbsp;&nbsp; different authentication protocol as show below .</P><P></P><P></P><P>1: EMP-M for Mschap</P><P>2: EMP-G&nbsp;&nbsp; for Peap GTC </P><P>3: EMP-T&nbsp;&nbsp; for TLS</P><P></P><P>For example EMP-M SSID users should be connected with only PEAP(MSCHAPv2) and not on other methods like PEAP-GTC/EAP-TLS .</P><P></P><P>customer is currently having WLC 5508 and using ISE for AAA . Any tip how we can do the above requirement through WLC .</P><P></P><P>Regards</P><P>Sankar</P> Sun, 04 Jul 2021 05:35:30 GMT https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029539#M140373 rsnaraya 2021-07-04T05:35:30Z https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029540#M140374 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Not through WLC, But through AAA server. It can be done with ACS 5.x but i have no experience with ISE to tell but i think it is</P><P>Possible.</P><P>You can ask in security AAA forums.</P><P></P><P>Sent from Cisco Technical Support iPad App</P></BODY></HTML> Wed, 29 Aug 2012 11:55:38 GMT https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029540#M140374 Amjad Abdullah 2012-08-29T11:55:38Z https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029541#M140375 <HTML><HEAD></HEAD><BODY><P>Simple... if you want to have 3 SSID's, your create a new SSID and name the profile EMP-M and set the SSID to EMP-M.&nbsp; Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x.&nbsp; Create your seconds WLAN and anme the profile EMP-G and set the SSID to EMP-G.&nbsp; Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x. Create your third SSID and name the profile EMP-T and set the SSID to EMP-T. Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x.</P><P></P><P>The lookup to what users belong or can authenticate to what authentication protocol is defined in your ISE.&nbsp; Your WLC will be a AAA client in ISE and you will define the ISE as a radius server and point each of the WLAN to use ISE for radius.&nbsp; Your ISE policy in order to differentiate the different SSID's, you will need to have three differnt policies and use the following to specifiy only from this SSID:</P><P></P><P>.*EMP-M</P><P>.*EMP-G</P><P>.*EMP-T</P><P></P><P>Hope this helps.... now you just have to figure out your vaious ISE policies.</P></BODY></HTML> Wed, 29 Aug 2012 11:59:33 GMT https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029541#M140375 Scott Fella 2012-08-29T11:59:33Z https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029542#M140376 <HTML><HEAD></HEAD><BODY><P> Thanks Scott&nbsp; for your valuable input.</P><P></P><P>How we can map the SSID in the ISE policy . any pointers to link or configuration&nbsp; example will be helpfull.</P></BODY></HTML> Wed, 29 Aug 2012 12:40:53 GMT https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029542#M140376 rsnaraya 2012-08-29T12:40:53Z https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029543#M140377 <HTML><HEAD></HEAD><BODY><P>You first need to understand what you want to do, which includes if you want to profile, posture, etc.&nbsp; That is where you have to understand what you can do and what you want to do.&nbsp; If its basic, take a look at this video and then when you create your polices, you can specify the .*SSID to differentiate the SSID's, of course you will have three polices just for the wireless.</P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/videos/2480">https://supportforums.cisco.com/videos/2480</A></P></BODY></HTML> Wed, 29 Aug 2012 12:45:40 GMT https://community.cisco.com/t5/wireless/mapping-ssid-with-authentication-protocol/m-p/2029543#M140377 Scott Fella 2012-08-29T12:45:40Z