OK , thank you so much for your time and your information.
Best Regards, Cisco2006 ------------------------------ On Fri, Feb 21, 2014 7:57 PM AST (Arabian) Jeff Rensink wrote: >There really isn't a document that covers all of this. Basically we have >our 3 methods of assigning an ACL to a client session. So how many >different ways can we use AAA override, use different WLANs, or place >clients on different interfaces? Many of these methods rely on completely >different features, so they are in different documents. > >Regards, > > > >Jeff Rensink : Sr Instructor : iPexpert <http://www.ipexpert.com/> > >CCIE # 24834 :: Wireless / R&S > >:: World-Class Cisco Certification Training > >Direct: +1.810.326.1444 > >:: Free Videos <http://www.youtube.com/ipexpertinc> > >:: Free Training / Product Offerings <http://www.facebook.com/ipexpert> > >:: CCIE Blog <http://blog.ipexpert.com/> >:: Twitter <http://www.twitter.com/ipexpert> > > >On Fri, Feb 21, 2014 at 10:50 AM, cisco 2006 <[email protected]> wrote: > >> >> >> Many Thanks for this illustration .Also I will ask you for a fover , if >> can send me a document about this . >> >> Best Regards, >> Cisco2006 >> ------------------------------ >> On Fri, Feb 21, 2014 7:19 PM AST (Arabian) Jeff Rensink wrote: >> >> >We only have 3 ways of assigning ACLs to client sessions. By the >> interface >> >that a client is assigned to, by the WLAN that a client associates to, and >> >by using AAA override. >> > >> >If you do authentication locally on the WLC, the only AAA override option >> >you have is by MAC address. So if you had 2 separate clients, you could >> >use MAC filtering + AAA override and use a MAC filter entry to assign the >> >clients to specific interfaces. You then have a different ACL per >> >interface. This requires you to pre-populate MAC filtering entries, which >> >would be fairly insane to do on a guest network. >> > >> >Another option would be separate WLANs. There they could use the same >> >interface, but each WLAN has a different ACL. >> > >> >You could also use a combination of interface groups and static IP >> >addressing on the clients. That would deterministically place clients >> onto >> >specific interfaces, which can have their own ACLs. >> > >> >But if you want a single classic guest WLAN setup, external authentication >> >is your only reasonable option that I can think of. >> > >> >Regards, >> > >> > >> > >> >Jeff Rensink : Sr Instructor : iPexpert <http://www.ipexpert.com/> >> > >> >CCIE # 24834 :: Wireless / R&S >> > >> >:: World-Class Cisco Certification Training >> > >> >Direct: +1.810.326.1444 >> > >> >:: Free Videos <http://www.youtube.com/ipexpertinc> >> > >> >:: Free Training / Product Offerings <http://www.facebook.com/ipexpert> >> > >> >:: CCIE Blog <http://blog.ipexpert.com/> >> >:: Twitter <http://www.twitter.com/ipexpert> >> > >> > >> >On Thu, Feb 20, 2014 at 1:14 AM, cisco 2006 <[email protected]> wrote: >> > >> > Dear All, >> > >> > I need to configure the policy that allow some users access the Internet >> > and the others just get the access to the Internal Network ( inside >> > network ) in WLC 5508. How can I do this without using external server >> for >> > authentication and authorization ? >> > >> > Best Regards, >> > Cisco2006 >> > >> > >> > >> > _______________________________________________ >> > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> > >> > iPexpert on YouTube: www.youtube.com/ipexpertinc >> > >> >> _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
