
Mapping SSID with authentication protocol

rsnaraya
Cisco Employee

Hi Team,

My customer wants to have a mapping of WLAN SSIDs with different authentication protocols, as shown below.

1: EMP-M for Mschap

2: EMP-G for Peap GTC

3: EMP-T for TLS

For example, EMP-M SSID users should be connected with only PEAP (MSCHAPv2) and not with other methods like PEAP-GTC/EAP-TLS.

The customer currently has a WLC 5508 and is using ISE for AAA. Any tips on how we can meet the above requirement through the WLC?

Regards

Sankar


Amjad Abdullah
VIP Alumni

Hi,

Not through the WLC, but through the AAA server. It can be done with ACS 5.x, but I have no experience with ISE to tell, but I think it is possible.

You can ask in security AAA forums.

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

Scott Fella
Hall of Fame

Simple... if you want to have 3 SSIDs, you create a new SSID, name the profile EMP-M and set the SSID to EMP-M. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x. Create your second WLAN, name the profile EMP-G and set the SSID to EMP-G. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x. Create your third SSID, name the profile EMP-T and set the SSID to EMP-T. Then configure your WLAN SSID settings, which would be WPA2/AES with 802.1x.

The lookup of which users belong to or can authenticate with which authentication protocol is defined in your ISE. Your WLC will be a AAA client in ISE, and you will define the ISE as a RADIUS server and point each of the WLANs to use ISE for RADIUS. In your ISE policy, in order to differentiate the different SSIDs, you will need to have three different policies and use the following to specify only from this SSID:

.*EMP-M

.*EMP-G

.*EMP-T

Hope this helps.... now you just have to figure out your various ISE policies.

-Scott
*** Please rate helpful posts ***
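
Added example, not part of the original reply and not Cisco's code: a small Python model of the per-SSID rules described above, assuming the WLC sends Called-Station-Id as `<AP MAC>:<SSID>` and that a rule is tested against the whole attribute value. The method labels, the sample MAC and the lookalike SSID `TEMP-M` are constructed; the function names are hypothetical, and the second pattern is a tighter variant that includes the colon separator.

```python
import re

# Assumption: the WLC sends Called-Station-Id as "<AP MAC>:<SSID>".
# Hypothetical table modelling the three ISE policies: SSID -> only EAP method allowed.
SSID_METHOD = {
    "EMP-M": "PEAP-MSCHAPv2",
    "EMP-G": "PEAP-GTC",
    "EMP-T": "EAP-TLS",
}

def thread_pattern(ssid):
    """Pattern as posted in the thread: '.*' followed by the SSID."""
    return re.compile(".*" + re.escape(ssid))

def strict_pattern(ssid):
    """Tighter variant: the SSID must directly follow a colon and end the value."""
    return re.compile(".*:" + re.escape(ssid))

def authorize(called_station_id, eap_method, make_pattern=strict_pattern):
    """Permit only when an SSID rule matches and the EAP method is the mapped one."""
    for ssid, allowed in SSID_METHOD.items():
        # fullmatch: assumption that the rule is tested against the whole value
        if make_pattern(ssid).fullmatch(called_station_id):
            return "permit" if eap_method == allowed else "deny"
    return "deny"  # no SSID rule matched, so fall through to default deny

# Constructed sample requests (the MAC and the TEMP-M SSID are made up).
SAMPLES = [
    ("00-11-22-33-44-55:EMP-M", "PEAP-MSCHAPv2"),
    ("00-11-22-33-44-55:EMP-M", "EAP-TLS"),
    ("00-11-22-33-44-55:EMP-T", "EAP-TLS"),
    ("00-11-22-33-44-55:TEMP-M", "PEAP-MSCHAPv2"),
]

if __name__ == "__main__":
    for csid, method in SAMPLES:
        loose = authorize(csid, method, thread_pattern)
        strict = authorize(csid, method)
        print(f"{csid:28} {method:14} thread={loose:6} strict={strict}")
```

The last sample is the case to check in a real deployment: an SSID whose name merely ends in `EMP-M` satisfies `.*EMP-M`, while the pattern that includes the separator rejects it.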

Thanks, Scott, for your valuable input.

How can we map the SSID in the ISE policy? Any pointers to a link or configuration example will be helpful.

You first need to understand what you want to do, which includes whether you want to profile, posture, etc. That is where you have to understand what you can do and what you want to do. If it's basic, take a look at this video, and then when you create your policies, you can specify the .*SSID to differentiate the SSIDs; of course, you will have three policies just for the wireless.

https://supportforums.cisco.com/videos/2480

-Scott
*** Please rate helpful posts ***