01-23-2014 03:19 AM - edited 07-05-2021 12:02 AM
Hello,
Currently I have three SSIDs each serving it's purpose.. Students, Staff & Guest.. I want to archive different authentication for each SSID, Students will be able to only authenticate only on the Student SSID and same for Staff, Staff shouldn't be able to authenticate on Student and vs..
Is it's possible with Radius server to be authenticated based on AD organizational units?
Any thoughs?
Thanks,
Solved! Go to Solution.
01-23-2014 04:39 AM
Take a look at this thread also. Has some links you can follow.
https://supportforums.cisco.com/thread/2217685
Sent from Cisco Technical Support iPhone App
01-29-2014 07:57 AM
I really need to know how everything is setup, which makes it hard to explain the setup over the forum. The only thing I can really help with is if you post your show run-config and screen shots of your radius policies so I can see what you need to do. Also I would need to know what you want for each of the ssids.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-29-2014 08:12 AM
No problem
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
02-01-2014 03:01 AM
HI Ramkumar,
Can you please create a new thred and post your issue in brief.
Regards
01-23-2014 03:27 AM
Yes... there is a radius attribute... called-station-id which you can use to differentiate between the SSID's. This is passed in that attribute and you would create two policies, one for student and one for staff.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-23-2014 03:28 AM
Here are some links:
https://supportforums.cisco.com/thread/2098434
http://mrncciew.com/2013/07/22/called-calling-station-id/
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-23-2014 03:30 AM
What radius server do you have?
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-23-2014 04:17 AM
Hello,
I'm using Windows 2003 as Radius server..
01-23-2014 04:36 AM
You should be able to still use the called-station-ID radius attribute for this.
Sent from Cisco Technical Support iPhone App
01-23-2014 04:39 AM
Take a look at this thread also. Has some links you can follow.
https://supportforums.cisco.com/thread/2217685
Sent from Cisco Technical Support iPhone App
01-29-2014 02:05 AM
Hello Scott,
I have gone through the tutorials you have given and what I understood is The Called-Station-id is being used for MAC authentication against the devices connected into the WiFi Network, but not against Active Directory username.
I have tried now creating Guest SSID and in that Guest SSID, I have made the Authentication based on LOCAL only. This works perfect as it allows only the users created under the LobbyAdmin are being authenticated and not the Active Directory Accounts.
I would like to do the same on but on different SSID, on the Staff which only be applied on the Staff-Security-AD-Group and on Student SSID where only be applied on Student-Security-AD-Group. This will eliminate the Staff from being authenticated on Student SSID & Guest SSID and same for Students which will be eliminated from being authenticated on the Staff & Guest SSID as well.
Is it ahieveable with Raius Server 2003?
01-29-2014 05:14 AM
Yes it is... you would have to create two separate policies in your IAS 2003 radius server. The only difference between the two would be the called-station-id and the AD group mapping. WIth IAS, you need to use a regex like something like this. If your ssid was named secure:
.*secure
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-29-2014 07:52 AM
Hi Scott,
Thanks for your reply. Do you an example configuration on Radius and what sort of additional configuration would WLC required?
01-29-2014 07:57 AM
I really need to know how everything is setup, which makes it hard to explain the setup over the forum. The only thing I can really help with is if you post your show run-config and screen shots of your radius policies so I can see what you need to do. Also I would need to know what you want for each of the ssids.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-29-2014 08:00 AM
Will give you all the details tonight or tomorrow morning.
01-29-2014 08:12 AM
No problem
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
02-01-2014 02:57 AM
Hi Scott,
we are here, would you like to give example on Radius server 2003 how this would be configured?
02-01-2014 03:01 AM
HI Ramkumar,
Can you please create a new thred and post your issue in brief.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide