Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAPs with different AD Groups

This thread has been viewed 1 times

  • 1.  IAPs with different AD Groups

    Posted Jul 15, 2013 08:57 AM

    Hi community,

     

    I´ve a problem, we´ve 14 IAPs with 3 SSIDs.

    I want to authenticate all 3 SSIDs with the same DC. (Windows 2008 R2)

     

    I´ve created different (3) Groups in AD.

     

    I want that the group 1 can only authenticate on the ssid 1, not ssid2 or ssid3.

    group 2 only authenticate on ssid 2 not on ssid 1 and ssid3 and so on.

     

    How can I make this?

    Is it possible?

     

    Thanks



  • 2.  RE: IAPs with different AD Groups

    Posted Jul 15, 2013 03:15 PM

    yes with configuration of Aruba VSA and use "Aruba-ESSID" option, we can create nps policy to accomidate this. 



  • 3.  RE: IAPs with different AD Groups

    Posted Jul 16, 2013 03:12 AM

    Ok, this woks with IAPs?

     

    How can I configure this? Do you haven a step by step manual or something?

    Maybe you can shortly discribe the steps to configure this?

     

     

    Thanks



  • 4.  RE: IAPs with different AD Groups

    Posted Jul 16, 2013 08:03 AM

    Change in thought. the following will be much easier. 

     

    Create a separate server group  and radius server config for each eSSID and the set the NAS-ID in the server group to match the eSSID. That way, you can use a standard RADIUS attribute (NAS-ID) in your IAS rules to enforce per-SSID policies. Works perfectly. The only down side would be creating multiple AAA profiles.