05-25-2016 12:20 PM
Currently we have five SSIDs:
Guest - captive portal authentication to a guest VLAN
Device - MAC authentication via the internal DB to the same guest VLAN (for Blu-Ray players and other devices that can't do the captive portal)
Kiosk - MAC authentication via RADIUS/Active Directory to the internal LAN
HC - 802.1x Active Directory authentication through RADIUS to the internal LAN
Rehab - MAC authentication to the internal LAN (same as Kiosk, SSID still exists for legacy reasons only)
I would like to consolidate to two SSIDs:
Public - authenticate via MAC->Internal DB or captive portal
Private - authenticate via MAC->RADIUS->AD, or via 802.1x->RADIUS->AD
The idea behind this Private authentication scheme is that we can either pre-configure tablets for wireless authentication before shipping them out to our various locations, or people can BYOD and get on the internal network with their normal AD credentials.
I'm currently testing this in a lab environment. Public is working exactly the way I want it to, no issues. Public does not work. Depending on configuration, I either get the captive portal instead of 802.1x authentication, or I am completely unable to connect to the network at all.
I have a case open, and have not yet gotten a resolution.
wlan virtual-ap "EmpResPrivate"
wlan virtual-ap "EmpResPublic"
aaa profile "EmpResPrivate"
aaa server-group "EmpResKiosk-group"
aaa server-group "EmpResHC"
aaa profile "EmpResPublic"
aaa server-group "Device"
05-25-2016 12:31 PM