12-18-2012 12:37 PM - edited 07-03-2021 11:14 PM
Infrastructure:
WLC 2500, PEAP MS-CHAPv2 authentication through a single IAS
PCI WLAN with AD Security group
Internal WLAN with AD security group
Scenario:
I need to set up separate authentication for each WLAN with its appropriate AD security group. In other words, the PCI users can only authenticate (through the PCI WLAN) to the PCI AD security group.
Potential issues:
Can't have the Internal user authenticating to the PCI network.
I've racked my brain on ways this can be done and I'm not wanting to create a 3 armed monster. Does anyone have any "best practices" ideas on how to easily accomplish this task?
Thanks
12-18-2012 01:10 PM
The only way I can think of would be NAR. Ate a policy that they ant connect to a specific DNIS. But I'd have to look to see if IAS supports it or not
Steve
Sent from Cisco Technical Support iPhone App
12-18-2012 01:12 PM
You need to have 3 policies created in IAS. Each will define the SSID and the AD group the user belongs to. So on the WLC, do you have 3 SSIDs and each has its own VLAN?
Sent from Cisco Technical Support iPad App
12-18-2012 01:17 PM
What you need to use is the Called-Station-Id RADIUS attribute that is passed to IAS. You can specify a regex for that, ex. *SSIDA
Sent from Cisco Technical Support iPad App
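
Added example, not part of the original thread or any poster's configuration: a small Python model of the per-SSID policy idea from the replies above, where each policy requires both a Called-Station-Id match and an AD group, and a request that matches no policy is rejected. It assumes the WLC sends Called-Station-Id as `AP-MAC:SSID`; the SSID names, group names and MAC address are constructed placeholders.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    called_station_pattern: str  # regex tested against Called-Station-Id
    required_group: str          # AD security group the user must belong to


# Constructed policy set: one policy per SSID, evaluated top-down.
# Patterns are anchored on ":<SSID>$" so a longer SSID that merely
# starts with the same text (e.g. "PCI-WLAN-Guest") does not match.
POLICIES = [
    Policy("PCI", r":PCI-WLAN$", "PCI-Users"),
    Policy("Internal", r":Internal-WLAN$", "Internal-Users"),
]


def evaluate(called_station_id, user_groups, policies=POLICIES):
    """Return (decision, policy_name).

    A policy applies only when BOTH conditions hold: the SSID suffix of
    Called-Station-Id matches and the user is in the required group.
    If no policy applies, the request is rejected.
    """
    for policy in policies:
        if not re.search(policy.called_station_pattern, called_station_id):
            continue
        if policy.required_group in user_groups:
            return ("Access-Accept", policy.name)
    return ("Access-Reject", None)


if __name__ == "__main__":
    ap = "00-1A-2B-3C-4D-5E"  # constructed AP MAC
    cases = [
        (f"{ap}:PCI-WLAN", {"PCI-Users"}),
        (f"{ap}:PCI-WLAN", {"Internal-Users"}),   # internal user on PCI SSID
        (f"{ap}:Internal-WLAN", {"Internal-Users"}),
        (f"{ap}:PCI-WLAN-Guest", {"PCI-Users"}),  # unknown SSID, no policy
    ]
    for csid, groups in cases:
        print(csid, sorted(groups), evaluate(csid, groups))
```

The second case is the one the original question is about: an Internal user who selects the PCI SSID matches no policy and is rejected.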