Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Controller Authentication against Windows NPS

  • 1.  Controller Authentication against Windows NPS

    Posted Apr 07, 2015 12:12 PM

    I have multiple SSIDs that get authenticated against a Windows Active Directory acting as a RADIUS server using NPS. How do I force the authentication for every SSID to be against one Active Directory user group?



  • 2.  RE: Controller Authentication against Windows NPS

    MVP
    Posted Apr 08, 2015 04:30 AM

    Your NPS config should have 1 or more network policies.

    In the applicable network policies you can add a condition "User Groups". Any user not belonging to the User Group you configure there will fail that network policy and be denied access.

     



  • 3.  RE: Controller Authentication against Windows NPS

    Posted Apr 08, 2015 05:30 AM

    Hi,

     

    You can meet your requirement with the following steps:

    1. Configure a VAP profile and map the SSID and AAA profiles to it. You need as many VAP profiles as the SSIDs you want to broadcast. All these VAP profiles should have unique SSID profiles, but you can map the same AAA profile to all the VAP profiles.

    2. Create a RADIUS server (Configuration --> Authentication --> Servers) and map this server to a server-group.

    3. Map the server-group to the AAA profile which was mapped to the VAP profile.

    The above steps will force the whole traffic of all SSIDs to the server configured and mapped to the server-group.

    4. In NPS, create a remote access policy mapping to the user group with an access policy. Here we can configure any number of policies, and the execution will be top to bottom. If the authenticating user does not belong to any of the user groups mapped in the policy, they will be denied.

     

    For your reference:

    IAS1.png

    ias2.png

     

    This requirement is very easy and flexible with CPPM. If you get a chance, try it with CPPM.
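
The controller side of steps 1 to 3 above, as an added example that is not part of the original thread: an ArubaOS CLI sketch assuming WPA2-Enterprise (802.1X) SSIDs. Every profile name, the server address and the shared secret are placeholders, and the lines starting with `!` are annotations for the reader.

```text
! Added example: all names, the address and the key are placeholders.
! Assumption: the SSIDs use WPA2-Enterprise (802.1X).
!
! Step 2: RADIUS server entry for the NPS host, placed in a server group
aaa authentication-server radius "nps-01"
   host 192.0.2.10
   key <shared-secret>
!
aaa server-group "nps-group"
   auth-server "nps-01"
!
! Step 3: one AAA profile that points 802.1X at that server group
aaa profile "corp-aaa"
   authentication-dot1x "default"
   dot1x-server-group "nps-group"
!
! Step 1: one SSID profile and one VAP per SSID, all sharing "corp-aaa"
wlan ssid-profile "staff-ssid"
   essid "Staff"
   opmode wpa2-aes
!
wlan ssid-profile "lab-ssid"
   essid "Lab"
   opmode wpa2-aes
!
wlan virtual-ap "staff-vap"
   ssid-profile "staff-ssid"
   aaa-profile "corp-aaa"
!
wlan virtual-ap "lab-vap"
   ssid-profile "lab-ssid"
   aaa-profile "corp-aaa"
!
! Broadcast both VAPs from the APs in this group
ap-group "default"
   virtual-ap "staff-vap"
   virtual-ap "lab-vap"
```

Because both VAPs reference the same AAA profile, every SSID is authenticated through the same NPS network policies, where the "User Groups" condition described in the replies decides who is allowed. The controller also has to be defined as a RADIUS client in NPS with the same shared secret.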