Hi Friend,
Here are the steps to configure IAP with external RADIUS,
Click on "System" and fill the below details.
Give an IP to the Virtual Controller and enable Dynamic radius Proxy. This will forward all the radius packets ( from any IAP in the cluster) to RADIUS server with the VC's IP.
Click on "Authentication" and add a new radius Server.
Navigate to Security - Role page and add two new roles.
Employee : allowed to all destination.
Contractor : limited access
These roles can be customized based on user's requirements.
Sample Contractor Role.
Create a new SSID.
Click on "New" and give a name to the SSID.
On next page, select the Client IP assignment.
We can have it either VC assigned or Network Assigned based on our requirements.
On the Next page,
Select the security as "Enterprise"
Key Management as "WPA-2-Enterprise"
Authentication server as < Server Name>
On the next page,
here we have to select the proper method to assign a role to the authenticated clients ( users).
Please don't forget to configure the RADIUS client and other details in the server :)
Hope you got some idea, please go ahead and try.
Please feel free if you need any furhter help on this.