Beginner

NPS Wireless authentication based on user group

I have two SSIDs: 1. SSID-NPS and 2. SSID-NPS2

Both of them are using an NPS RADIUS server.

I want to make these rules:

1. Only group 8021x can connect to SSID-NPS

2. Only group 8021xb can connect to SSID-NPS2

I am already using Called Station ID, but only rule 1 is running well; when I test SSID-NPS2, a user in group 8021x can still connect to that SSID.

Note: I am only using the EAP-PEAP method (connecting with a username and password from Active Directory).

Below is the configuration of the NPS server. Please correct me if I am missing any configuration.

[Attached screenshots: Screenshot (2683).png, Screenshot (2684).png, Screenshot (2686).png]

4 REPLIES
VIP Mentor

Re: NPS Wireless authentication based on user group

I think it is because your two SSID names are not unique. If you use distinct SSID names (SSID-NPS-1 & SSID-NPS-2), you should be able to filter using called-station-id.

 

HTH

Rasika

Beginner

Re: NPS Wireless authentication based on user group

There should be a condition to match "Called Station ID" with the value of the BSSID like ".*.:SSID-NPS" or ".*.:SSID-NPS2" (without the quotes) for every Machine Group you want to split.

[Attached image: NPS Policy.png]

HTH
-Jesus
*** Please Rate Helpful Responses ***

VIP Mentor

Re: NPS Wireless authentication based on user group

Instead of solving this problem I would first think about your environment. Typically it does not make any sense to "waste" two SSIDs if both use the same authentication-methods to the same authentication-server. It's likely that you only need one SSID.

Hall of Fame Master

Re: NPS Wireless authentication based on user group

I agree with Karsten here... you can achieve this by rules and VLAN assignments. However, if you still want to go ahead and figure your scenario out, you need to use a better regex. Your SSID #1 overlaps with SSID #2, so you can either follow what Rasika mentioned and really make them unique, or see if NPS takes standard anchors in regex.

^.*: SSID-NPS$
^.*: SSID-NPS2$
-Scott
*** Please rate helpful posts ***
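
The SSID overlap discussed in the replies above, as an added example that is not part of any post in this thread: a small Python model of ordered policy evaluation. It assumes the Called-Station-Id arrives as AP-MAC:SSID, that a pattern matches anywhere in the value unless anchored, and that the first policy whose conditions all match decides the request; the MAC address, policy names and unanchored patterns are constructed for illustration.

```python
import re

# Constructed Called-Station-Id values, assuming the "AP-MAC:SSID" format.
CSID_NPS = "00-11-22-33-44-55:SSID-NPS"
CSID_NPS2 = "00-11-22-33-44-55:SSID-NPS2"

# Each policy: (hypothetical name, Called-Station-Id pattern, required AD group).
UNANCHORED = [
    ("Policy 1", r"SSID-NPS", "8021x"),
    ("Policy 2", r"SSID-NPS2", "8021xb"),
]
ANCHORED = [
    ("Policy 1", r"^.*:SSID-NPS$", "8021x"),
    ("Policy 2", r"^.*:SSID-NPS2$", "8021xb"),
]

def evaluate(policies, called_station_id, user_groups):
    """Return the first policy whose conditions all match, else None (reject)."""
    for name, pattern, group in policies:
        # re.search models "match anywhere in the value unless anchored".
        if re.search(pattern, called_station_id) and group in user_groups:
            return name
    return None

def report(policies):
    """Evaluate every SSID/group combination against one policy list."""
    rows = []
    for csid in (CSID_NPS, CSID_NPS2):
        for group in ("8021x", "8021xb"):
            ssid = csid.split(":")[1]
            rows.append((ssid, group, evaluate(policies, csid, {group})))
    return rows

if __name__ == "__main__":
    for label, policies in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(label)
        for ssid, group, result in report(policies):
            print(f"  {ssid:10} group={group:7} -> {result or 'rejected'}")
```

With the unanchored patterns, a user in 8021x joining SSID-NPS2 is accepted by Policy 1 because "SSID-NPS" is a substring of "SSID-NPS2"; with the anchored patterns the same request is rejected.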