Beginner

Multiple SSID authentication with NPS

Hello all,

I have a Wireless LAN controller and multiple Cisco APs with 8 SSIDs configured. Each one for the different business departments.

I want to allow Windows users to authenticate only to their specific SSID and Windows group. I have a Microsoft NPS for user authentication but I don't know how to validate the SSID and the domain user at the same time.

I read on some websites about the VSA parameters, but I don't know how to configure the controller to send the SSID to my NPS and what I need to configure in my RADIUS server to validate both conditions, username and SSID.

Any help will be really appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

Re: Multiple SSID authentication with NPS

For the SSID, you just need to add the called station id or use the wlan id radius attribute. See the following links.

http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/fa662135-3ddd-4699-a8eb-83f9f85b5674/

https://lavazzza.wordpress.com/2010/05/29/wlc-school-for-network-admin’s-who-can-read-real-good-part-2-ok-so-it-has-been-awhile/

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Beginner

Re: Multiple SSID authentication with NPS

I already tried to use the called station ID and it is not working. Do you need to type a specific command on the WLC?

Beginner

Re: Multiple SSID authentication with NPS

After reviewing the logs in NPS, I modified the called station ID and it's working now.

Thanks for the answer.

Hall of Fame Master

Re: Multiple SSID authentication with NPS

No problem. Just be careful when you start upgrading the WLC. There might be a point in time when the SSID will not be passed onto the called station attribute. The WLAN-ID would then have to be used. This would require all your SSIDs to have the identical WLAN ID.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Hall of Fame Master

Re: Multiple SSID authentication with NPS

Just an FYI... The newer v7.4 code doesn't send the SSID in the RADIUS packet. I ran into that using the v7.4 beta so I have to change my policy to look at the WLAN-ID instead.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Not applicable

Multiple SSID authentication with NPS

Hi! Can you explain how to change the policy to wlan-id?

Currently I use Called Station ID: http://i.imgur.com/06g0Lnd.png

Thanks!

Frequent Contributor

Re: Multiple SSID authentication with NPS

Hey Scott, I know this post is old but wanted to verify this SSID in called station ID: did you face any issues with the newer versions? I'm wondering if 7.4 had an issue but got fixed perhaps? Looks like 8.x is fine.

Thank you in advance for confirming.

Rising star

Re: Multiple SSID authentication with NPS

Hello Fredo,

As per your query, I can suggest the following solution:

Having 8 SSIDs configured and to validate SSID with the domain user you just need to add the station id to NPS or use wlan id radius attribute to achieve the same.

Hope this will help.

Beginner

Multiple SSID authentication with NPS

Thanks, will have a look on it.

Hall of Fame Master

Re: Multiple SSID authentication with NPS

Should work out fine or else let me know and I can bring up an NPS server and show you a test policy. The links should help though.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Beginner

Multiple SSID authentication with NPS

The best way is to use the "Called Station ID" in the Policy under the Conditions.

We added the RegEx Pattern "$" to use the String on the End.

If your SSID is "DATA" then use the Condition in the Policy -> Called Station ID - DATA$

Attached you can find a Sample...

Best Regards,

Sven

Unbenannt.PNG

Beginner

Multiple SSID authentication with NPS

Hi,

What is the point of having Data$? Currently each SSID has called-stationID as .SSIDName* on each RADIUS profile and it works fine the way I want it.

Could you please elaborate on this?

Thanks

Beginner

Multiple SSID authentication with NPS

Hi,

The "$" is a Metacharacter in Regular Expression -> Matches the ending position of the string or the position just before a string-ending newline. In line-based tools, it matches the ending position of any line.

So this means you can choose the name of your SSID and attach the "$" Sign to get the right condition.

Regards,

Sven
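An added example, not part of any post in this thread: a small audit that shows which SSIDs a Called Station ID condition actually matches, so an over-broad pattern that would let one department's policy apply to another SSID is caught before deployment. It assumes the controller sends Called-Station-ID as `AP-MAC:SSID` and uses Python's `re.search` as a stand-in for NPS pattern matching; the SSID names, the AP MAC and all function names are constructed for illustration.

```python
import re

# Constructed sample data: Called-Station-ID assumed to be "AP-MAC:SSID".
SAMPLE_AP_MAC = "00-11-22-33-44-55"
SSIDS = ["DATA", "DATA-GUEST", "BIGDATA", "VOICE"]


def called_station_id(ssid, ap_mac=SAMPLE_AP_MAC):
    """Build the attribute value the RADIUS server would see (assumed format)."""
    return f"{ap_mac}:{ssid}"


def ssids_matched(pattern, ssids=SSIDS):
    """Return the SSIDs whose Called-Station-ID satisfies the condition pattern."""
    rx = re.compile(pattern)
    return [s for s in ssids if rx.search(called_station_id(s))]


def strict_pattern(ssid):
    """Anchor both sides: the ':' separator in front, end of string behind."""
    return ":" + re.escape(ssid) + "$"


def audit(policies, ssids=SSIDS):
    """policies maps policy name -> (intended SSID, condition pattern).

    Returns only the policies that match an unintended SSID or miss their own.
    """
    findings = {}
    for name, (intended, pattern) in policies.items():
        hits = ssids_matched(pattern, ssids)
        extra = [s for s in hits if s != intended]
        missed = intended not in hits
        if extra or missed:
            findings[name] = {"extra": extra, "missed": missed}
    return findings


if __name__ == "__main__":
    for pat in ("DATA", "DATA$", strict_pattern("DATA")):
        print(f"{pat!r:12} matches {ssids_matched(pat)}")
    print(audit({
        "Data-Staff": ("DATA", "DATA$"),
        "Voice-Staff": ("VOICE", strict_pattern("VOICE")),
    }))
```

With these sample names, `DATA$` stops matching `DATA-GUEST` but still matches `BIGDATA`; only the pattern anchored on the `:` separator as well isolates the one SSID.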

Beginner

Re: Multiple SSID authentication with NPS

Hi Sir,

Is this working in a scenario where one user is able to connect to any SSID, as long as it is inside the group in the condition?
