cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2643
Views
0
Helpful
27
Replies

Different authentication per SSID

habibalby
Level 1
Level 1

Hello,

Currently I have three SSIDs each serving it's purpose.. Students, Staff & Guest.. I want to archive different authentication for each SSID, Students will be able to only authenticate only on the Student SSID and same for Staff, Staff shouldn't be able to authenticate on Student and vs..

Is it's possible with Radius server to be authenticated based on AD organizational units?

Any thoughs?

Thanks,

4 Accepted Solutions

Accepted Solutions

Take a look at this thread also. Has some links you can follow.

https://supportforums.cisco.com/thread/2217685

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

I really need to know how everything is setup, which makes it hard to explain the setup over the forum.  The only thing I can really help with is if you post your show run-config and screen shots of your radius policies so I can see what you need to do.  Also I would need to know what you want for each of the ssids.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

No problem

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

HI Ramkumar,

Can you please create a new thred and post your issue in brief.

Regards

View solution in original post

27 Replies 27

Scott Fella
Hall of Fame
Hall of Fame

Yes... there is a radius attribute... called-station-id which you can use to differentiate between the SSID's.  This is passed in that attribute and you would create two policies, one for student and one for staff. 

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Here are some links:

https://supportforums.cisco.com/thread/2098434

http://mrncciew.com/2013/07/22/called-calling-station-id/

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

Thanks,


Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

What radius server do you have?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hello,

I'm using Windows 2003 as Radius server..

You should be able to still use the called-station-ID radius attribute for this.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Take a look at this thread also. Has some links you can follow.

https://supportforums.cisco.com/thread/2217685

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hello Scott,

I have gone through the tutorials you have given and what I understood is The Called-Station-id is being used for MAC authentication against the devices connected into the WiFi Network, but not against Active Directory username.

I have tried now creating Guest SSID and in that Guest SSID, I have made the Authentication based on LOCAL only. This works perfect as it allows only the users created under the LobbyAdmin are being authenticated and not the Active Directory Accounts.

I would like to do the same on but on different SSID, on the Staff which only be applied on the Staff-Security-AD-Group and on Student SSID where only be applied on Student-Security-AD-Group. This will eliminate the Staff from being authenticated on Student SSID & Guest SSID and same for Students which will be eliminated from being authenticated on the Staff & Guest SSID as well.

Is it ahieveable with Raius Server 2003?

Yes it is... you would have to create two separate policies in your IAS 2003 radius server.  The only difference between the two would be the called-station-id and the AD group mapping.  WIth IAS, you need to use a regex like something like this.  If your ssid was named secure:

.*secure

Thanks,


Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi Scott,

Thanks for your reply. Do you an example configuration on Radius and what sort of additional configuration would WLC required?

I really need to know how everything is setup, which makes it hard to explain the setup over the forum.  The only thing I can really help with is if you post your show run-config and screen shots of your radius policies so I can see what you need to do.  Also I would need to know what you want for each of the ssids.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Will give you all the details tonight or tomorrow morning.

No problem

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi Scott,

we are here, would you like to give example on Radius server 2003 how this would be configured?

HI Ramkumar,

Can you please create a new thred and post your issue in brief.

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: