We are trying to set up an SSID where our mobile device users (iPad, iPhone, etc.) can get on and have limited access to the internal network.
I was able to limit access using an ACL on the VLAN we assign the devices on, but I can't find a good way to set up the controller where they are strictly using LDAP. I've seen the OU setup, but that doesn't work in our environment because users could only be in that specific OU and would lose some group policies. Cisco doesn't allow LDAP group access, unfortunately.
That's not that big of an issue. My question is: what are some good ways to set up a secure SSID that only allows specific wireless users to authenticate on it? I've thought about machine authentication. I don't know much about certificates but think that wouldn't work because anyone could get onto it and get a certificate (I think). I'm just looking for ideas...