https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567662#M239411 <P><A href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html</A></P> Wed, 09 Mar 2022 22:45:25 GMT MHM Cisco World 2022-03-09T22:45:25Z https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567604#M239399 <P>I have two SSID with web authentication, ¿Can I restrict the access of 6 users to an especific SSID?</P> Wed, 09 Mar 2022 21:44:48 GMT https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567604#M239399 Eduardo.Placencia 2022-03-09T21:44:48Z https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567659#M239409 <P>If I am right try this way</P><P>under wlan in WLC, L2 security Mac filter,</P><P>add MAC address of user in local Mac tables of WLC .</P> Wed, 09 Mar 2022 22:43:14 GMT https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567659#M239409 MHM Cisco World 2022-03-09T22:43:14Z https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567662#M239411 <P><A href="https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html</A></P> Wed, 09 Mar 2022 22:45:25 GMT https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567662#M239411 MHM Cisco World 2022-03-09T22:45:25Z https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567770#M239420 <P>Hi, thanks for your replay.</P><P>&nbsp;</P><P>I solved the problem. Let me explain a little bit more about my scenario in a WLC 9800, it´s a little different with legacy WLC, hope you can understand me, English is not my native language.</P><P>&nbsp;</P><P>I have 2 SSIDs for guest users using web authentication,&nbsp; SSID 1 normal behavior is to have access for internet but the users can't reach my internal network, and the SSID 2 normal behavior is to reach my internal network and also everything in Internet.</P><P>What I was looking is to create guest users for SSID 1 only and the same for SSID 2.&nbsp;</P><P>The problem was that all users have the connection with both SSID.</P><P>&nbsp;</P><P>The problem was solved with this steps in GUI,</P><P>1. Creat an attributte list with the association of the SSID&nbsp; (Security==&gt;AAA==&gt;AAA advanced==&gt; Attribute_list)</P><P>2. Associate the guest user with the attribute list</P><P>3. Associate the user with a wlan-profile-name, because if you do not do this, the&nbsp;<SPAN>guest user authentication is allowed on any WLAN.</SPAN></P><P><SPAN>4. In the Policy created for the SSID you need to check AAA override.</SPAN></P><P>&nbsp;</P><P><SPAN>Example CLI configuration</SPAN></P><P>conf t<BR />user-name XXXXX1<BR />password 0 XXXXX<BR />aaa attribute list XXXXX &lt;== Name_of_attribute_list_created<BR />exit</P><P>conf t<BR />username XXXXX1 wlan-profile-name XXXXX &lt;== SSID_name</P><P>&nbsp;</P><P><SPAN>I just followed this link,</SPAN></P><P><SPAN><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-11/config-guide/b_wl_16_11_cg/b_wl_16_11_cg_chapter_01110110.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-11/config-guide/b_wl_16_11_cg/b_wl_16_11_cg_chapter_01110110.html</A></SPAN></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P> Thu, 10 Mar 2022 05:32:34 GMT https://community.cisco.com/t5/wireless/block-local-users-acces-to-web-authentication-on-wlc/m-p/4567770#M239420 Eduardo.Placencia 2022-03-10T05:32:34Z