Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Multiple RADIUS policies for multiple SSIDs

Posted on 2013-06-03
3
Medium Priority
?
2,024 Views
Last Modified: 2013-07-05
Hello!

I have a client that I'm trying to configure a Cisco Aironet 1041N for.  In total, we'll have three SSIDs - one for normal users, one for guests, and one for "other" users.  I'm using RADIUS in NPS under Server 2008 R2 for authentication.  I've created one policy that seems to work fine, but I'd like to have a different policy for each of the SSIDs, and I haven't found a good way to do that yet.  Can anyone point me in the right direction?

Thanks in advance!
0
Comment
Question by:MasterComputing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 39218392
I haven't done this is quite a while, and then on 2003 IAS -
but you should be able to set Called-Station-ID to SSID; see attached picture

More here: http://support.microsoft.com/kb/822057

NPS Policy
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 1280 total points
ID: 39218552
Jakob is correct... however, you need to format the Called-Station-ID string slightly differently to what is in the pic.

You need to format it like this...

*:YOURSSID

The *: part is important as that's the wildcard to match connection requests against.  If you just put the SSID in the string it'll never match as the user's MAC address is sent with the SSID.
0
 
LVL 64

Expert Comment

by:btan
ID: 39218966
Yap as both expert advised. You can also solve this by specifying the Called Station ID as a condition in the network policy, and use the pattern syntax $. E.g. If the name of the ssid is "WLAN" add the syntax "WLAN$". This means that it will match everything that ends with "WLAN".

Also note that regex works in Conditions. Called Station ID Constraint does not accept regex, only exact match.

Here is a list of pattern matching syntaxes to use: http://technet.microsoft.com/en-us/library/cc737419(WS.10).aspx

There is also other who uses the wlan id radius attribute. e.g. in step 15-17

https://lavazzza.wordpress.com/2010/05/29/wlc-school-for-network-admin%E2%80%99s-who-can-read-real-good-part-2-ok-so-it-has-been-awhile/
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question