Seperating internal computers and mobile clients on Cisco WLC with 802.1x
Posted on 2014-04-29
Hello, we are trying to disallow mobile clients on our internal wlan. Here is the situation:
We have two separate WLAN on a Cisco 2500 series controller. One is INTERNAL and other is 'MOBILE DEVICES'. Both are authenticating against a windows radius server.
The problem is I want 'INTERNAL' to authenticate only domain computers, while 'MOBILE DEVICES' wlan will authenticate against the user.
The reason we want to do this is so we don't have people using their cell phones on the 'Internal' WLAN.
I know what has to be done, I just don't know how to go about accomplishing this. Do I need to do something on the WLC? If I make a policy on the radius server that doesn't really do much because it's not saying "Apply this policy to this WLAN" (or I am missing it somewhere).
Can someone point me in the right direction?