How to configure Wireless LAN Controller (WLC) authentication for AD users by SSID verification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2018 11:08 AM - edited 02-21-2020 10:53 AM
Hi,
I have a customer using Cisco WLC5508 and Cisco ACS 5.4. They have a corporate SSID configured on the WLC which authenticates through the ACS Server using Certificate Based Authentication with AD.
They now have a requirement to have an additional SSID created for users to connect their mobile phones (IOS/Android) and users should be prompted for a username and password, once they enter their domain user credentials they should be allowed access to the internet. For this SSID, a separate Layer 2 VLAN has been created which is allowed internet access only.
I am trying to follow a past post but it is kind of old and does not use AD authentication:
I tried to create an additional Selection Profile on the ACS but it was causing the Corporate SSID to stop working (certificate based authentication)
I will need some help as how to match the following:
1. Radius attribute to match the new SSID
2. Authenticate the users through Active Dirctory
3. Once authenticated, the user should be placed in the new Layer 2 VLAN
Any support or reference will be highly appreciated as I will be visiting the customer again on Monday.
Thank you,
Kind regards.
- Labels:
-
Other NAC
