Solved

Seperating internal computers and mobile clients on Cisco WLC with 802.1x

Posted on 2014-04-29
2
544 Views
Last Modified: 2014-04-29
Hello, we are trying to disallow mobile clients on our internal wlan.  Here is the situation:

We have two separate WLAN on a Cisco 2500 series controller.  One is INTERNAL and other is 'MOBILE DEVICES'. Both are authenticating against a windows radius server.

The problem is I want 'INTERNAL' to authenticate only domain computers, while 'MOBILE DEVICES' wlan will authenticate against the user.  

The reason we want to do this is so we don't have people using their cell phones on the 'Internal' WLAN.

I know what has to be done, I just don't know how to go about accomplishing this.  Do I need to do something on the WLC?  If I make a policy on the radius server that doesn't really do much because it's not saying "Apply this policy to this WLAN" (or I am missing it somewhere).

Can someone point me in the right direction?
0
Comment
Question by:Jesh1975
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40030311
You don't need to do anything on the WLC.

Set your conditions for each SSID on the RADIUS server by creating an access policy for each WLAN.

In the internal policy you would say that any device in the Domain Computers group who is attempting to connect to the Internal SSID is allowed if they use EAP-TLS (computer certificate).

In the mobile policy you would say that any device trying to connect to the Mobile SSID is allowed if they use PEAP-MSChapV2 (username/password).

To accomplish the SSID condition in each policy you need to use the Called-Station-ID attribute.  For example, if the SSID is MOBILE the condition would be:

Called-Station-ID = .*:MOBILE$
0
 

Author Closing Comment

by:Jesh1975
ID: 40031074
Soooo easy, thanks so much!!!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question