Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Two SSIDs & Two LDAP Groups

  • 1.  Two SSIDs & Two LDAP Groups

    Posted Aug 01, 2012 01:01 PM

    Hey Guys,

    I'm currently trying to figure out the best way to configure two different SSIDs, with one being for a specific LDAP group.  We are currently not using RADIUS (that will be done in the future), and are authenticating directly to MS AD.  I currently have an SSID that anyone with an LDAP account can access, but I have another SSID that is to be used by a specific group.  At the moment, the only way I can see doing this is to copy the existing LDAP servers and filter for the desired group.  Is there any other way to do this?  Thanks.

     

    Controller 3200

    OS 6.1.3.1


    #3200


  • 2.  RE: Two SSIDs & Two LDAP Groups

    EMPLOYEE
    Posted Aug 01, 2012 02:43 PM

    Why not just have a single SSID and change the role based on the "memberOf" attribute?

     



  • 3.  RE: Two SSIDs & Two LDAP Groups

    Posted Aug 01, 2012 02:56 PM

    Hey Cjoseph,

    Currently our network design has a vlan for each SSID.  The Guest SSID/Vlan is used on both wired and wireless.



  • 4.  RE: Two SSIDs & Two LDAP Groups

    EMPLOYEE
    Posted Aug 01, 2012 03:17 PM

    Are your two different sets of users in a group or in separate containers (OUs)?  If they are in separate containers, you can have two different LDAP server definitions: one where the base-dn is the OU of the first container and one where the second base-dn is the OU for the second container of users.

     

    Will that work?

     



  • 5.  RE: Two SSIDs & Two LDAP Groups

    Posted Aug 01, 2012 04:37 PM

    Hey Cjoseph,

    The Guest SSID can be used by anyone with an LDAP account.  The other SSID will just be a single group, but its users will be in different OUs.  I originally thought of creating a second LDAP definition, but wasn't sure if there was another (better) way to do it.  I will go ahead with that method.

     

    Thanks.
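
Added example, not part of any post in this thread: a sketch of the "second LDAP definition" approach the thread settles on, written in ArubaOS 6.x controller CLI syntax as an assumption to be checked against the CLI reference for the running release. The host address, DNs, group name and object names are all constructed placeholders; each server group would then be referenced from the AAA profile of its own SSID.

```text
! Constructed example: host, DNs, group and object names are placeholders.
!
! Definition 1: any account found under the base DN can authenticate.
! Used by the SSID that is open to everyone with an LDAP account.
aaa authentication-server ldap "ad-all-users"
   host 192.0.2.10
   admin-dn "CN=svc-wlan,OU=Service,DC=example,DC=com"
   admin-passwd <password>
   base-dn "DC=example,DC=com"
   key-attribute "sAMAccountName"
   filter "(objectclass=*)"
!
! Definition 2: same directory and same domain-wide base DN, so users are
! found whichever OU they live in, but the search filter only matches
! accounts whose memberOf attribute lists the one permitted group.
aaa authentication-server ldap "ad-restricted-group"
   host 192.0.2.10
   admin-dn "CN=svc-wlan,OU=Service,DC=example,DC=com"
   admin-passwd <password>
   base-dn "DC=example,DC=com"
   key-attribute "sAMAccountName"
   filter "(&(objectclass=*)(memberOf=CN=Restricted-WLAN,OU=Groups,DC=example,DC=com))"
!
! One server group per SSID, each pointing at its own definition.
aaa server-group "sg-all-users"
   auth-server "ad-all-users"
!
aaa server-group "sg-restricted"
   auth-server "ad-restricted-group"
```

In Active Directory, `memberOf` lists direct memberships only, so a user who belongs to the permitted group through a nested group fails this filter; the matching rule `memberOf:1.2.840.113556.1.4.1941:=<group DN>` evaluates the nested chain instead. After applying the change, confirm that an account outside the group is rejected on the restricted SSID, since a filter typo that matches nothing or everything is easy to miss.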