setting up RBAC and Radius with Cisco WLC...

There are documents out there with Cisco for setting up the Wireless LAN controller with Radius, but I was wondering if anyone can tell me if what I'm thinking about is the right solution for this...

We have a few SSID's being sent out by the WLC and I'm wondering how it would be possible to have just one or two SSID's and then have something like Role Based Access control so that they could be sent to the proper VLAN once they've logged in. Also, with a guest network how can something like this be used so that you don't have to use MAC filtering to get everyone's credentials. Do you just have the RADIUS with something like Open authentication so they just put in their user name and it will attache the MAC, etc.?

Any docs or guidance on this would be great.
LVL 1
willlandymoreAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Soulja53 6F 75 6C 6A 61 Commented:
What you are talking about is some type of 802.1x setup with Radius. You could use the Radius local database or an external database such as Active Directory to authenticate users. The radius would be responsible to assigning the vlan dynamically.

Here is a link about 802.1x implementation:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml



willlandymoreAuthor Commented:
that's exactly what I'm talking about. :)

I just need to find documents about setting this up with NPS on Windows. All of Cisco's docs assume you're using their Cisco ACS. However, I'm using a 2008 server for this instead.

I've setup Network Policy Service on Windows but I'm just foggy on the part where you can get the AP/Controller linked so that when the client connects it will pass that information on to RADIUS, or better still, Active Directory and then back again.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
willlandymoreAuthor Commented:
thanks for the docs...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.