We broke out fac/staff vs. students and put them into different vlans. The student VLAN terminates outside the firewall. In ACS, we have mappings for AD groups to roles, and the ACS role dictates the VLAN. This should help out: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
Erik From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Linchuan Yang Sent: Monday, November 05, 2012 12:00 PM To: [email protected] Subject: [WIRELESS-LAN] How to separate the access privilege of staff and students Dear All Good morning. We want to separate the access privilege of staff and students by using the same SSID. We are using free radius linked with Active Directory. Could you please explain how to do it in detail? Shall we need ACS (ISE) or other? Thank you, and have a nice day. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ________________________________ "This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited." ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
