We only have 3 ways of assigning ACLs to client sessions. By the interface that a client is assigned to, by the WLAN that a client associates to, and by using AAA override.
If you do authentication locally on the WLC, the only AAA override option you have is by MAC address. So if you had 2 separate clients, you could use MAC filtering + AAA override and use a MAC filter entry to assign the clients to specific interfaces. You then have a different ACL per interface. This requires you to pre-populate MAC filtering entries, which would be fairly insane to do on a guest network. Another option would be separate WLANs. There they could use the same interface, but each WLAN has a different ACL. You could also use a combination of interface groups and static IP addressing on the clients. That would deterministically place clients onto specific interfaces, which can have their own ACLs. But if you want a single classic guest WLAN setup, external authentication is your only reasonable option that I can think of. Regards, Jeff Rensink : Sr Instructor : iPexpert <http://www.ipexpert.com/> CCIE # 24834 :: Wireless / R&S :: World-Class Cisco Certification Training Direct: +1.810.326.1444 :: Free Videos <http://www.youtube.com/ipexpertinc> :: Free Training / Product Offerings <http://www.facebook.com/ipexpert> :: CCIE Blog <http://blog.ipexpert.com/> :: Twitter <http://www.twitter.com/ipexpert> On Thu, Feb 20, 2014 at 1:14 AM, cisco 2006 <[email protected]> wrote: > Dear All, > > I need to configure the policy that allow some users access the Internet > and the others just get the access to the Internal Network ( inside > network ) in WLC 5508. How can I do this without using external server for > authentication and authorization ? > > Best Regards, > Cisco2006 > > > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
