cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
2
Replies

IAS matching wrong policy

shh5455
Level 3
Level 3

The IAS policy to authenticate users (we have one for VPN and another for wireless), will stop at the first policy that matches the user to the group even though the NAS port type is set to IEEE 802.11. Users were telling me that if they were removed from the group that granted VPN access, then they could hit wireless (but then not be able to get on VPN).

 

Anyone experienced this?

2 Replies 2

wdrootz
Level 4
Level 4

Edit the properties of the Controller Remote Access Policy. Make sure to add the NAS-Port Type - Wireless - IEEE 802.11

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008082d5b5.shtml

You should also specify the NAS IP Address for each of your policy. This way the policy will match the mangement ip address of the readius client.

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: