Re: Restricting user access via the Wireless Lan

nandersson · ‎05-27-2002

We have a scenario where we are Using AP 350's and ACS 3.0. ACS is using an external Windows 2000 database for authentication of the users. For the moment any user that exists in the Windows 2000 user database can log on to the network both via the Wired and the Wireless Lan. What we are hoping to do is restrict the ability to logon over the Wireless Lan to a certain group of users. So basically we want to create a "Wireless User Group" on the ACS and assign only the users that should be able to log on to the network via the WLAN to that group. Users not in this group should only be allowed to log on via the Wired Lan. Is this possible and if so, how do you set it up?

Thanks in advance!

mmelbourne · ‎06-02-2002

If you're using an external Windows 2000 database, then users will only appear in the CSACS users' list after they have logged on for the first time. You could use the "dial-in permissions" flag within Win2k user properties (and also configure CSACS to recognise it) to differentiate between wired and wireless users. Another possibility could be to set up an NT group for wireless users and map these onto a specific CSACS group, then apply Network Access Restrictions so that only members of that group will be authenticated on the APs. Non-wireless users would need to mapped to a group where authentication on the APs is not permitted. The solution will depend on the type and number of other NASes you have configured with CSACS and how you want your users to access them.