Antony,
We do that on wireless (Rice Owls). Essentially, the radius returns a status of "staff" or "student" based on the credentials provided, which maps to an MPLS VPN. Each VRF has a separate firewall policy, both internally and externally. The wireless controllers then map the reply to a VLAN. If you want to hear more, email me offline. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Linchuan Yang Sent: Monday, November 05, 2012 11:00 AM To: [email protected] Subject: [WIRELESS-LAN] How to separate the access privilege of staff and students Dear All Good morning. We want to separate the access privilege of staff and students by using the same SSID. We are using free radius linked with Active Directory. Could you please explain how to do it in detail? Shall we need ACS (ISE) or other? Thank you, and have a nice day. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 !DSPAM:911,5097f348229955578618184! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
