Re: NPS, wifi, multiple SSIDs - multiple policies?

lukeprimm · ‎05-16-2011

We are setting up a new wireless network with multiple SSID's. We plan on having an internal network, a guest network, and a personal devices network. The questions is how do authenticate against multiple policies on the same NPS server? Our current NPS server authenticates against AD group AND AD user account for the internal network. If I want to authenticate the personal devices SSID against the NPS, can I set up a different policy for it only?

My understanding is that when a user/device queaeries the NPS, it goes down the policy until it finds a match and then allows access. Is this true? Thanks

Erick Delgado · ‎05-19-2011

Hello,

NPS is a policy based server. It works with a set of conditions and then a result.

Your question is really general and I will say yes you can do it. You can filter based on SSID if you have a Cisco WLC.

You can create as many policies do you want but you have to be very specific in terms of conditions.

Please tell me exactly what you want to accomplish and I will do my best to help you with the policies.

Erick Delgado

AAA TEAM

lukeprimm · ‎05-24-2011

Thanks,

Basically we want to use NPS to authenticate our wireless users and we also want to use NPS to regulate access into our switches/network devices. If I create a policy for example wireless that says If user is part of domain users, then grant access, how do I Create another policy that regulates who can log into my switches? Since the policy matches, it allows the user to log into the switch. Does this make any sense? Do I need a separate NPS/AAA server to authenticate my cisco switches/routers? THanks