cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
835
Views
0
Helpful
1
Replies

ACS 5.2 authorization policy

Anatoly Fedchik
Level 1
Level 1

Hello,

is there any method to control an access to the different WLAN(PEAP) on the same ACS 5.2 and WLC?

That is, there is two AD groups the one have access to domain network only the other group have access to internet only
and may be third group that have access to both networks.

Currently if i add new authorization policy the user will have access to both networks...

Many thanks, in advance.

1 Accepted Solution

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Yes ths is possible, the ssid is carried in the called station id which is an av pair sent in the access-request. The format of the called-station-id is , so you can build your authorization policy with a compound condition of "called-station-id ends with ssid" then you can combine this with the AD1:ExternalGroups and set the permit-access or deny-access result depending on your implementation. Also the ssid is case sensitive when acs makes its decision so keep that in mind.

If you look at the authentication report in ACS you can see the ssid that I am referring to in the called-station id in the logs.

Hope that helps

Tarik Admani
*Please rate helpful posts*

View solution in original post

1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

Yes ths is possible, the ssid is carried in the called station id which is an av pair sent in the access-request. The format of the called-station-id is , so you can build your authorization policy with a compound condition of "called-station-id ends with ssid" then you can combine this with the AD1:ExternalGroups and set the permit-access or deny-access result depending on your implementation. Also the ssid is case sensitive when acs makes its decision so keep that in mind.

If you look at the authentication report in ACS you can see the ssid that I am referring to in the called-station id in the logs.

Hope that helps

Tarik Admani
*Please rate helpful posts*