AAA/802.1x
AAA/802.1x

Steel-Belted Radius Appliance question.

‎03-02-2009 06:33 AM

 

Hi, i am working with a SBR appliance and cisco AP, WLCs, WCS.

I have one SSID XXX with WPA/TKIP + EAP-PEAP , and a second SSID YYY with the same encription and authentication method, How can I filter the access of an user that can achive the SSID XXX shouldn´t can enter into SSID YYY??

Can I make authentications groups depending of the SSID?? attributes, domains???

 

Kind Regards.

 

Gross. 

 

 

 

1 REPLY 1
Highlighted
AAA/802.1x

Re: Steel-Belted Radius Appliance question.

‎03-04-2009 06:25 AM

Hi Gross,

 

You'll need to use an attribute like Cisco-AVpair= "ssid=XXXX" in the check attributes for that user.   If the SSID attribute isn't that value, they won't be able to get in.

 

If your APs are not sending that attribute, you'll need to send it as a reply attribute and hope that the AP sees it and refuses to authorize the user if they use the wrong SSID.

 

Rgds,

 

Guy 

Announcements

AAA/802.1X

IC Series Unified Access Control Appliances are hardened, centralized policy servers, combining the user identity, device security state and network location gathered by the UAC Agent to create unique network access control policy per user, per session.

RSS Icon