Solved

Seperating internal computers and mobile clients on Cisco WLC with 802.1x

Posted on 2014-04-29
2
526 Views
Last Modified: 2014-04-29
Hello, we are trying to disallow mobile clients on our internal wlan.  Here is the situation:

We have two separate WLAN on a Cisco 2500 series controller.  One is INTERNAL and other is 'MOBILE DEVICES'. Both are authenticating against a windows radius server.

The problem is I want 'INTERNAL' to authenticate only domain computers, while 'MOBILE DEVICES' wlan will authenticate against the user.  

The reason we want to do this is so we don't have people using their cell phones on the 'Internal' WLAN.

I know what has to be done, I just don't know how to go about accomplishing this.  Do I need to do something on the WLC?  If I make a policy on the radius server that doesn't really do much because it's not saying "Apply this policy to this WLAN" (or I am missing it somewhere).

Can someone point me in the right direction?
0
Comment
Question by:Jesh1975
2 Comments
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40030311
You don't need to do anything on the WLC.

Set your conditions for each SSID on the RADIUS server by creating an access policy for each WLAN.

In the internal policy you would say that any device in the Domain Computers group who is attempting to connect to the Internal SSID is allowed if they use EAP-TLS (computer certificate).

In the mobile policy you would say that any device trying to connect to the Mobile SSID is allowed if they use PEAP-MSChapV2 (username/password).

To accomplish the SSID condition in each policy you need to use the Called-Station-ID attribute.  For example, if the SSID is MOBILE the condition would be:

Called-Station-ID = .*:MOBILE$
0
 

Author Closing Comment

by:Jesh1975
ID: 40031074
Soooo easy, thanks so much!!!
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 2702e Antenna Extension for better coverage 3 67
Wi-Fi calling 12 81
Choosing a firewall for our broadband cable connection 2 57
IP Address -- lookup location ? 4 71
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now