Jay, You're on the right track overall, but for that first step you may want to take a close look at the ACS logs to see what attributes and attribute values are included in the radius auth request packet coming from the AP.
In a larger context, I found that a highly valuable exercise was to compare the radius auth requests from the following three devices. Their attributes differ depending on source and knowing those differences is key when setting up access policies in ACS: * WLC * Autonomous AP * FlexConnect AP (standalone mode) hth, Justin Disclaimer: I'm not familiar with the specific exercise you're working on--just trying to help in a general sense on your outlined first step. typd on tny kybrd. > On Jan 2, 2014, at 19:42, "Jay Killion (jakillio)" <[email protected]> wrote: > > Question on WB1 lab 3.2. The requirements have you creating multiple SSID's > (autonomous AP), each using different EAP methods in ACS – such as PEAP for > one and TLS for another. The solution book doesn't show how this is done in > ACS so I wanted to find out the correct method for this. I'm thinking the > correct steps are as follows, but would appreciate any feedback. > > 1 – Create an end-station filter to match on SSID > 2 – Create a new access service that only allows that specific EAP method > (TLS, for example) > 3 – Create a new service selection rule that matches the end-station filter > (from step 1) and returns the service created in step 2, thus only permitting > that EAP method > > Is that correct? > > Thanks > > Jay Killion, CCIE #17873 R/S > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
