02-05-2014 06:06 AM - edited 07-05-2021 12:05 AM
I am in a branch office and I have one WLC 5508 and one ACS 4.2 with three WLANs:
WLAN1 with SSID1: for company computers and laptops
WLAN2 with SSID2: for ipads and tablets
WLAN3 with SSID3: for guests
I am asked to configure WLAN2 as “WLAN2: Provides the Wi-Fi connectivity to ipads and tablets, with back end security using domain authentication with mac address restrictions.
02-05-2014 06:35 AM
So for WLAN 2, you would use 802.1.x PEAP (AD Credentials) and you can also use MAC address filter for that WLAN in the WLC. Here is a guide on Mac filtering.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml
I'm guessing your okay with the other SSID's and your radius policies since your only asking about WLAN 2.
Sent from Cisco Technical Support iPhone App
02-05-2014 08:51 AM
Thanks Scott. My only one active directory domain is mapped to ACS group 2 which maps to VLAN1 with WLAN1. Is it possible to map the same domain to another group 3 where my VLAN2 with WLAN2. Like one domain to many groups in ACS. If not what do you thinik is the solution for this case?
Thanks,
Hajir
02-05-2014 09:00 AM
You would need to create a seperate policy and be able to have a seperation between the two policies... It's kind of hard to explain, but you would have for example:
Policy 1:
Wireless user on this SSID WLAN1
AD on this AD Group (Machine)
Policy 2:
Wireless user on this SSID WLAN 2
AD on this AD Group (USer)
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide