Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1788
Views
25
Helpful
8
Replies

Multiple SSIDs with 802.1x

Go to solution
jwiley1978
Level 1
Level 1

‎11-17-2020 06:59 AM - edited ‎07-05-2021 12:47 PM

Question for the group:  I have a client that is already setup with one SSID that uses 802.1x authentication.  Now they are wanting an additional SSID setup with the same type of authentication but with a different AD group.  Is that possible?  When I check the config all it does is point to a server.  I'm not finding anyway to differentiate on which AD group would be used for which SSID.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to jwiley1978

‎02-02-2021 02:25 PM

I always have to ask this question when I hear about multiple 802.1x SSID's.  If, your 802.1x SSID's have access to basically the same resources, then I would not create another SSID.  If however you just want to place a group (OU) on a different vlan, then you want to keep the same SSID, but use a radius server that is tied to AD and can lookup the user/group/cert/etc and place that device/user on a specific vlan.  There is no need to have another SSID with 802.1x especially if you have a radius server.  There is so much flexibility with 802.1 if you are using a radius server.  I don't think you can do that if you just use LDAP, but not sure as I have never had to just implement LDAP.

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Rasika Nayanajith
VIP Alumni
VIP Alumni

‎11-17-2020 10:44 AM

That level of a policy configured on your RADIUS server where it integrates with AD. WLC does not directly communicate with AD

 

HTH

Rasika

*** Pls rate all useful responses ***

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎11-17-2020 10:44 AM

Yes its possible, you can create diff SSID with same kind of authentication.

 

you need to configure  apolicy on the server (cisco ISE) to use that specific AD group.

Go to solution
MHM Cisco World
VIP
VIP

‎11-17-2020 03:04 PM - edited ‎11-17-2020 03:07 PM

think you mean LDAP?
config the multi LDAP under WLC security,
select the LDAP as you want under the WLAN>Secuirty>AAA Server.

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to MHM Cisco World

‎11-17-2020 09:52 PM

No it should be on Radius server. Radius server integrate with AD. 

Go to solution
jwiley1978
Level 1
Level 1
In response to MHM Cisco World

‎02-02-2021 10:40 AM

Thanks, I'll have to check into this tomorrow.

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to jwiley1978

‎02-02-2021 02:25 PM

I always have to ask this question when I hear about multiple 802.1x SSID's.  If, your 802.1x SSID's have access to basically the same resources, then I would not create another SSID.  If however you just want to place a group (OU) on a different vlan, then you want to keep the same SSID, but use a radius server that is tied to AD and can lookup the user/group/cert/etc and place that device/user on a specific vlan.  There is no need to have another SSID with 802.1x especially if you have a radius server.  There is so much flexibility with 802.1 if you are using a radius server.  I don't think you can do that if you just use LDAP, but not sure as I have never had to just implement LDAP.

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
jwiley1978
Level 1
Level 1
In response to Scott Fella

‎02-03-2021 05:06 AM

It is using LDAP with Windows NPS so I think you are correct.  I don't think this is going to work out for them.

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to jwiley1978

‎02-03-2021 06:35 AM

Windows NPS is a radius server so you should be able to do this using one SSID that is defined for 802.1x. Just search “Cisco WLC 802.1x with Microsoft NPS”. You should be able to find many different guides and or videos on this. Also “CIsco WLC with Microsoft NPS vlan override”
-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card