07-22-2009 02:27 PM - edited 07-03-2021 05:51 PM
Hi!
I'd like to differentiate users sharing the same LDAP directory and RADIUS authentication.
For example, if I have a student and a teacher, I'd like to be sure that the student will stay on its VLANs and so on.
I can do this by using VLAN attributes and AAA override, but if I do that, I will have, for example, a student connected to the teacher SSID but on the student VLAN. It's not a pretty situation...
I read that we can use a Cisco av-pair attribute to force users to connect only on their SSID, but it doesn't seem to work with the controller.
Does anybody have a solution for my case?
Thanks
07-22-2009 06:59 PM
I've used av-pair on the WLC for Web Splash Page, but not ssid restrictions.
I did however find this documentation: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
It refers to configuring a NAR (Network Access Restriction) in ACS which makes it sound like you can limit a user to a specific SSID.
07-22-2009 11:07 PM
Thanks for your reply.
So, regarding this document, the WLC includes by default information concerning the SSID in its access-request to a RADIUS server, right?
07-23-2009 04:38 AM
Correct. The access-request would include the SSID in the access-requests. If the SSID is not one of the ones specified in the DNIS the Radius server would reject the request.
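The server-side decision described in this exchange, as an added example that is not from any poster and is not Cisco ACS code. It assumes the SSID arrives in the Called-Station-Id attribute as `AP-MAC:SSID` with a hyphen-delimited MAC; the group names, SSIDs and MAC address are constructed.

```python
import re

# Constructed policy: directory group -> SSIDs that group may authenticate on.
ALLOWED_SSIDS = {
    "students": {"Student-WLAN"},
    "teachers": {"Teacher-WLAN"},
}

# Assumed attribute format: hyphen-delimited AP MAC, a colon, then the SSID.
CALLED_STATION_ID = re.compile(r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}:(.+)")


def ssid_from_called_station_id(value):
    """Return the SSID part of 'AP-MAC:SSID', or None if no SSID is present."""
    match = CALLED_STATION_ID.fullmatch(value or "")
    return match.group(1) if match else None


def authorize(group, called_station_id):
    """Decide the RADIUS reply for an already-authenticated user.

    Fails closed: a request that carries no SSID (for example from a NAS
    that only sends the AP MAC) is rejected rather than allowed through.
    """
    ssid = ssid_from_called_station_id(called_station_id)
    if ssid is None:
        return "Access-Reject"
    # SSIDs are case-sensitive, so compare exactly.
    if ssid in ALLOWED_SSIDS.get(group, set()):
        return "Access-Accept"
    return "Access-Reject"


if __name__ == "__main__":
    ap = "00-1A-2B-3C-4D-5E"  # constructed AP MAC
    for group, csid in [
        ("students", ap + ":Student-WLAN"),
        ("students", ap + ":Teacher-WLAN"),
        ("teachers", ap + ":Teacher-WLAN"),
        ("teachers", ap),  # no SSID in the request
    ]:
        print(group, csid, "->", authorize(group, csid))
```

Valid credentials alone never produce an accept here: the group-to-SSID match is evaluated on every request, which is what keeps a student off the teacher SSID.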
07-23-2009 04:53 AM
Hi
Let me piggyback on your thread. I have the same issue, but I am not using a WLC; instead I am using an "Autonomous AP". I believe by default it will not send the SSID in the authentication request.
How can I achieve the same result on an autonomous AP?
Could you please help?
Thanks in advance.
Regards
Joe