Solved

Multiple RADIUS policies for multiple SSIDs

Posted on 2013-06-03
3
1,690 Views
Last Modified: 2013-07-05
Hello!

I have a client that I'm trying to configure a Cisco Aironet 1041N for.  In total, we'll have three SSIDs - one for normal users, one for guests, and one for "other" users.  I'm using RADIUS in NPS under Server 2008 R2 for authentication.  I've created one policy that seems to work fine, but I'd like to have a different policy for each of the SSIDs, and I haven't found a good way to do that yet.  Can anyone point me in the right direction?

Thanks in advance!
0
Comment
Question by:MasterComputing
3 Comments
 
LVL 20

Expert Comment

by:Jakob Digranes
ID: 39218392
I haven't done this is quite a while, and then on 2003 IAS -
but you should be able to set Called-Station-ID to SSID; see attached picture

More here: http://support.microsoft.com/kb/822057

NPS Policy
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 320 total points
ID: 39218552
Jakob is correct... however, you need to format the Called-Station-ID string slightly differently to what is in the pic.

You need to format it like this...

*:YOURSSID

The *: part is important as that's the wildcard to match connection requests against.  If you just put the SSID in the string it'll never match as the user's MAC address is sent with the SSID.
0
 
LVL 61

Expert Comment

by:btan
ID: 39218966
Yap as both expert advised. You can also solve this by specifying the Called Station ID as a condition in the network policy, and use the pattern syntax $. E.g. If the name of the ssid is "WLAN" add the syntax "WLAN$". This means that it will match everything that ends with "WLAN".

Also note that regex works in Conditions. Called Station ID Constraint does not accept regex, only exact match.

Here is a list of pattern matching syntaxes to use: http://technet.microsoft.com/en-us/library/cc737419(WS.10).aspx

There is also other who uses the wlan id radius attribute. e.g. in step 15-17

https://lavazzza.wordpress.com/2010/05/29/wlc-school-for-network-admin%E2%80%99s-who-can-read-real-good-part-2-ok-so-it-has-been-awhile/
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now