Solved

Multiple RADIUS policies for multiple SSIDs

Posted on 2013-06-03
3
1,799 Views
Last Modified: 2013-07-05
Hello!

I have a client that I'm trying to configure a Cisco Aironet 1041N for.  In total, we'll have three SSIDs - one for normal users, one for guests, and one for "other" users.  I'm using RADIUS in NPS under Server 2008 R2 for authentication.  I've created one policy that seems to work fine, but I'd like to have a different policy for each of the SSIDs, and I haven't found a good way to do that yet.  Can anyone point me in the right direction?

Thanks in advance!
0
Comment
Question by:MasterComputing
3 Comments
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 39218392
I haven't done this is quite a while, and then on 2003 IAS -
but you should be able to set Called-Station-ID to SSID; see attached picture

More here: http://support.microsoft.com/kb/822057

NPS Policy
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 320 total points
ID: 39218552
Jakob is correct... however, you need to format the Called-Station-ID string slightly differently to what is in the pic.

You need to format it like this...

*:YOURSSID

The *: part is important as that's the wildcard to match connection requests against.  If you just put the SSID in the string it'll never match as the user's MAC address is sent with the SSID.
0
 
LVL 63

Expert Comment

by:btan
ID: 39218966
Yap as both expert advised. You can also solve this by specifying the Called Station ID as a condition in the network policy, and use the pattern syntax $. E.g. If the name of the ssid is "WLAN" add the syntax "WLAN$". This means that it will match everything that ends with "WLAN".

Also note that regex works in Conditions. Called Station ID Constraint does not accept regex, only exact match.

Here is a list of pattern matching syntaxes to use: http://technet.microsoft.com/en-us/library/cc737419(WS.10).aspx

There is also other who uses the wlan id radius attribute. e.g. in step 15-17

https://lavazzza.wordpress.com/2010/05/29/wlc-school-for-network-admin%E2%80%99s-who-can-read-real-good-part-2-ok-so-it-has-been-awhile/
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question