beardog1113

Cisco autonomous AP SSID mapping with NPS policy

Hello experts,
I will be using Cisco autonomous APs to set up a wireless network for users. They will be separated by VLAN, and for wireless they will use different SSIDs based on their department. I will be using NPS as the authentication server. My question is: how can I map different SSIDs to different policies on NPS?
In the NPS configuration wizard I noticed that there are options called Calling-Station-ID and Called-Station-ID. I am not sure whether I can use these options or not, and I don't know how to configure the calling/called station ID on the SSID. Please advise.

Thank you

Craig Beck

You need one policy per SSID.  The CallingStation-ID attribute can be used as a condition which includes a regular expression to match the SSID, like this...

.*:(YOUR_SSID)$

beardog1113 (ASKER)

Hello Craig,
I appreciate your reply. For example, my SSID is "GUEST". Please check the screenshot below: should I configure the NPS policy like this?
And is there any other configuration I need to put on the Cisco wireless AP device?

Thank you

User generated image
And I just tried it with the settings in the screenshot, but it does not work. Please advise.
Thank you
Can you post the NPS log?
Is this fine?
Thanks


<Event><Timestamp data_type="4">09/21/2017 15:31:18.418</Timestamp><Computer-Name data_type="1">APCNHKGNPS1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">AAIGROUP\ipsoscn1.guest</User-Name><Framed-MTU data_type="0">1400</Framed-MTU><Called-Station-Id data_type="1">c89c.1daa.d922</Called-Station-Id><Calling-Station-Id data_type="1">04f7.e482.f696</Calling-Station-Id><Vendor-Specific data_type="2">0000372A020F4368696E612C4265696A696E67</Vendor-Specific><Service-Type data_type="0">1</Service-Type><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">4028</NAS-Port><NAS-Port-Id data_type="1">4028</NAS-Port-Id><NAS-IP-Address data_type="3">10.137.31.67</NAS-IP-Address><NAS-Identifier data_type="1">AP-BJ-AP-01</NAS-Identifier><Client-IP-Address data_type="3">10.137.31.67</Client-IP-Address><Client-Vendor data_type="0">9</Client-Vendor><Client-Friendly-Name data_type="1">ALL_APAC</Client-Friendly-Name><Cisco-AV-Pair data_type="1">ssid=MF</Cisco-AV-Pair><Cisco-AV-Pair data_type="1">service-type=Login</Cisco-AV-Pair><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">AAIGROUP\ipsoscn1.guest</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">AAIGROUP\ipsoscn1.guest</Fully-Qualifed-User-Name><Class data_type="1">311 1 10.137.8.49 05/16/2016 01:26:45 8867388</Class><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
Hello, any ideas?

Thank you
Can you pull the log from the Windows Custom Logs please, they're easier to interpret?
Hello Craig,
I did try it, but I could not find the related log in the Windows logs. What should I do to filter such logs out?

Thank you
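
Added example, not part of the thread: a small Python check that parses an NPS XML log event like the one posted above and tests the `.*:(YOUR_SSID)$` condition against the station-ID attributes the AP actually sent. The function names are hypothetical, and Python's `re` module is used as a stand-in for NPS pattern matching (an assumption).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the event posted in the thread, trimmed to the
# attributes that matter for SSID matching.
SAMPLE_EVENT = (
    '<Event>'
    '<User-Name data_type="1">AAIGROUP\\ipsoscn1.guest</User-Name>'
    '<Called-Station-Id data_type="1">c89c.1daa.d922</Called-Station-Id>'
    '<Calling-Station-Id data_type="1">04f7.e482.f696</Calling-Station-Id>'
    '<NAS-Identifier data_type="1">AP-BJ-AP-01</NAS-Identifier>'
    '<Cisco-AV-Pair data_type="1">ssid=MF</Cisco-AV-Pair>'
    '<Cisco-AV-Pair data_type="1">service-type=Login</Cisco-AV-Pair>'
    '</Event>'
)

def parse_event(xml_text):
    """Return {attribute name: [values]} for one NPS XML log event."""
    attrs = {}
    for child in ET.fromstring(xml_text):
        attrs.setdefault(child.tag, []).append(child.text or "")
    return attrs

def ssid_condition(ssid):
    """Build the thread's condition pattern for a given SSID."""
    # re.escape keeps SSIDs containing regex metacharacters literal.
    return re.compile(r".*:(" + re.escape(ssid) + r")$")

def diagnose(xml_text, ssid):
    """Report which station-ID attributes satisfy the condition."""
    attrs = parse_event(xml_text)
    pattern = ssid_condition(ssid)
    matches = {
        name: any(pattern.search(v) for v in attrs.get(name, []))
        for name in ("Called-Station-Id", "Calling-Station-Id")
    }
    # SSID as reported by the AP in its Cisco-AV-Pair attributes, if any.
    sent = [v.split("=", 1)[1] for v in attrs.get("Cisco-AV-Pair", [])
            if v.lower().startswith("ssid=")]
    return {"condition_matches": matches, "ssid_in_av_pair": sent}

if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT, "GUEST"))
```

For the posted event, neither station-ID attribute ends in `:GUEST` (both carry only a MAC address), and the SSID the AP reported in Cisco-AV-Pair is `MF`.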