Web Authentication problem

franciscotagliaferro · ‎02-24-2016

Greetings

Im trying to activate a guests wirelles at the office with web authentication via a Radius Server, currently we use the Radius Server to authenticate the user off the corporative WLAN with the 802.x protocol. My question is, Can i use the same Radius Server to authenticate both WLAN?
I try to create another group for the web authentication but it didnt work out, below a attachment of the Radius configurations

Best regards.

colman.wannes · ‎02-24-2016

Francis,

I think that, by default, the WLC populates the RADIUS Field "Called Station Identifier" with:

"AP MAC Address:SSID".

You can check your NPS event viewer, here in the "security" log, you should see the entries forwarded to your NPS from your WLC.

The "Called Station Identifier" should contain something like 00-11-22-33-44-55:CORPSSID for your corporate SSID and something like 55-44-33-22-11-00:GUESTSSID for your Guest SSID.

Now you can add a condition to your existing NPS Network Policy that hits for your Corporate SSID and a new network policy, which contains a condition that hits for your Guest SSID.

When you add the "Called Station Identifier" condition, you should use Regular Expressions to filter out the MAC Address.

franciscotagliaferro · ‎02-24-2016

Dear Colman,

I'll try and let you know how it works, thansk

Regards.