4402 Guest Access Issues

charlesdf22 · ‎02-05-2007

We currently have a 4402 Controller with several AP's configured and working great. We have 2 SSID's mapped to 2 different VLAN's as well. 1 SSID is for Internal use and has EAP-FAST, ACS Auth, etc configure. The Guest SSID is using the local net usernames as expected, however, it is also using the ACS server as well. We would prefer to prevent internal employees from even being able to authenticate to the Guest SSID. Any ideas?

Richard Atkin · ‎02-07-2007

ACS can impose rules on groups, simply set your Staff groups allowed NDIS value to "*ESSID" (for example) and that should do the trick. It's important to put the * infront of your ESSID name.

HTH,

Rich A

charlesdf22 · ‎02-13-2007

This doesn't seem to do it for me.

Here's what I have on the ACS Server for the Default Group:

Define IP-based access restrictions (checked)

Denied Calling/ Point of Access Locations

NDG:TACACS (For our switches/ routers

Port: *

Address *

Define CLI/DNIS-baswed access restrictions

Permitted Calling/ Point of Access Locations

Controller

Port: *

CLI: *

DNIS: *Internal

Thanks in advance

segopala · ‎02-25-2007

hi ,

Check this link

http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

Regards

Seema