04-07-2015 09:11 AM
I have multiple SSIDs that get authenticated against a Windows Active Directory acting as a RADIUS server using NPS. How do I force the authentication for every SSID to be against one Active Directory user group?
04-08-2015 01:30 AM
Your NPS config should have 1 or more network policies.
In the applicable network policies you can add a condition "User Groups". Any user not belonging to the User Group you configure there will fail that network policy and be denied access.
04-08-2015 02:29 AM
You can meet your requirement with the following steps:
1. Configure a VAP profile and map the SSID and AAA profile to the VAP profile. You need as many VAP profiles as the number of SSIDs you want to broadcast. All these VAP profiles should have unique SSID profiles, but you can map the same AAA profile to all the VAP profiles.
2. Create a RADIUS server (Configuration-->Authentication-->Servers) and map this server to a server-group.
3. Map the server-group to the AAA profile which was mapped to the VAP profile.
The above steps will force all traffic of all SSIDs to the server configured and mapped to the server-group.
4. In NPS, create a remote access policy mapping to the user group with access policy. Here we can configure any number of policies, and the execution will be top to bottom. If the authenticating user does not belong to any of the user groups mapped in the policy, they will be denied.
For your ref :
This requirement is very easy and flexible with CPPM. If you get a chance, try it with CPPM.
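The top-to-bottom policy evaluation and the "User Groups" condition described in the replies above, as an added example that is not part of the original posts. It is a simplified model (real NPS policies also carry other conditions and constraints), and all group, user and policy names are constructed. It shows why a broader grant policy anywhere in the list defeats the group restriction.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkPolicy:
    name: str
    grant: bool                            # access permission: grant or deny
    user_groups: frozenset = frozenset()   # empty = no "User Groups" condition

    def matches(self, member_of):
        # A "User Groups" condition matches if the user is in any listed group.
        return not self.user_groups or bool(self.user_groups & member_of)

def evaluate(policies, member_of):
    """First matching policy, top to bottom, decides; no match means reject."""
    for policy in policies:
        if policy.matches(member_of):
            return policy.grant, policy.name
    return False, None

def admitted_outside_group(policies, required_group, users):
    """Users who are accepted although they are not in required_group."""
    return sorted(name for name, groups in users.items()
                  if required_group not in groups and evaluate(policies, groups)[0])

# Constructed sample data: group, user and policy names are hypothetical.
WIFI_GROUP = "CORP\\Wifi-Users"
USERS = {
    "alice": frozenset({"CORP\\Domain Users", WIFI_GROUP}),
    "bob": frozenset({"CORP\\Domain Users"}),
}
RESTRICTED = NetworkPolicy("Wireless - Wifi-Users only", True, frozenset({WIFI_GROUP}))
CATCH_ALL = NetworkPolicy("Wireless - any authenticated user", True)

WEAK_ORDER = [CATCH_ALL, RESTRICTED]   # broad grant policy sits above the group policy
FIXED_ORDER = [RESTRICTED]             # only the group-restricted policy remains

if __name__ == "__main__":
    for label, policies in (("weak", WEAK_ORDER), ("fixed", FIXED_ORDER)):
        for user, groups in USERS.items():
            print(label, user, evaluate(policies, groups))
        print(label, "admitted outside group:",
              admitted_outside_group(policies, WIFI_GROUP, USERS))
```

Because every SSID shares the same AAA profile and server-group, one policy list like this governs all of them, so checking it with a test account outside the group covers every SSID at once.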