04-24-2014 07:49 AM
Do u have any ideas how to make these work:
1. students can only connect to student SSID ONLY
2. staff can only connect to staff SSID ONLY
- students wont be able to connect to staff SSID (fail to connect)
- staffwont be able to connect to student SSID (fail to connect)
whats need to configure inside controller and Radius / LDAP
04-24-2014 07:56 AM - edited 04-24-2014 07:56 AM
04-24-2014 09:24 AM - edited 04-24-2014 09:27 AM
EDIT: the question was already asked by TCappy
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-24-2014 10:04 AM
I used to do something similar with Microsoft IAS using the filter ID RADIUS attribute and a server rule I set up.
Start with the RADIUS Attribute.
When a Student authenticates have IAS Send a filter ID of "Student" in the radius accept message.
Likewise send a filter ID of "Staff" for staff authentications.
You will need to create a unique server group for each SSID. The severs within the server group can be the same.
Under the Server rules section of the server group configuration create a rule to block access. Something like.....
aaa server-group "Staff"
set role condition "filter-Id" equals "Student" set value denyall position 1
aaa server-group "Student"
set role condition "filter-Id" equals "Staff" set value denyall position 1
Hope this will help.
04-24-2014 10:38 AM
can u give me the link..
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base