Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1647
Views
0
Helpful
4
Replies

Restriction SSID Per User with ACS 5.x version

ittichai_a
Level 1
Level 1

‎09-16-2011 02:27 AM - edited ‎07-03-2021 08:47 PM

Hi

I would like to ask some question on WLAN technology, which I using WiSM version 2. And i get requirement that user must be restrict with SSID, so, i found that it can do it on ACS version 4.x via NAR for SSID-based authentication feature. Then, is it possible to do restriction on ACS Version 5.x?

Please give me the idea or help

Thanks

Labels:
0 Helpful
4 Replies 4

Nicolas Darchis
Cisco Employee
Cisco Employee

‎09-16-2011 03:29 AM

By typing the command "config radius callstationidtype ap-macaddr-ssid" on the controller command line, the Radius "call station id" will be the ap mac address concatenated with the SSID name.

You can then simply create an authentication policy on ACS that only allows a certain user group when the radius "callstation id" ends with "ssid name".

0 Helpful

ittichai_a
Level 1
Level 1
In response to Nicolas Darchis

‎09-16-2011 03:41 AM

Hi Nicolas

Thanks for you answer, but i have few question to ask you that you said that

"You can then simply create an authentication policy on ACS that only allows a certain user group when the radius "callstation id" ends with "ssid name" < Is it support on ACS version 5.x ?

Thanks

0 Helpful

stefan.angerer
Level 1
Level 1
In response to ittichai_a

‎09-16-2011 05:13 AM

There is a guide how to achieve this with ACS4.2:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

(you probably know that one)

This is also working with ACS5.x, maybe this can help you:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/pol_elem.html#wp1074194

Be careful when configuring a DNIS in ACS5, maybe you are hitting CSCtk16271 (but there is an easy workaround, so this will definitely work!)

Regards

Stefan

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to ittichai_a

‎09-16-2011 06:11 AM

That's THE way to do it under ACS 5 so of course it's supported :-)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card