The ACS supports checking AD for group membership prior to allowing access via SSID. For ACS 5.x the value IETF RADIUS attribute 'called-station-id' ending with the SSID will recognize the determined SSID to then check AD for group membership.
|Bruce Boardman, Network Engineer, Syracuse University - 315 889-1667 ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] On Behalf Of Williams, Mr. Michael [[email protected]] Sent: Friday, January 21, 2011 10:55 AM To: [email protected] Subject: [WIRELESS-LAN] Link LDAP groups to Separate SSIDs for Authentication All, I have been trying to figure this out but have been unable to find a solution. Here is what we are trying to do. 1 wireless SSID that is open network which uses a web portal for authentication- this would be the student network 1 wireless SSID that using 802.1x w/WPA and a splash page –this would be used for Fac/Staff Is it possible to link the Student SSID to only the Student group in LDAP and the Fac/Staff SSID to only the Fac/Staff using LDAP? We need want to keep the Fac/Staff folks from using the open network. Does anyone have a similar requirements. We have a Cisco ACS that is linked to LDAP/AD, a WISM and WCS. v/r Mike Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University Information Technology Services staff will never ask for your password in an email. Don't ever email your password to anyone or share confidential information in emails. Confidentiality Notice: This electronic message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
