Hi Everybody,
I've got a couple of 7210 controllers and a bulk of IAP103 + AirWave 8.x.
What does my customer want:
- SSID1. For guest and service stuff. MAC + PSK authorization at internal DB. No access to internal resources and some badwith limits.
- SSID2. For employers. MAC + PSK authorization at internal DB. Without bandwith limits but with content filtering.
- SSID3. For management. MAC + PSK authorization at internal DB. No limits&filtering
1. Users should not be able to connect to "wrong" SSID, e.g. guest from SSID1 should not be able to connect to SSID3.
2. "Wrong" users (without registered MACs) should not be able to get in even having PSK
3. All traffic shaping and content filtering tasks will be performed on Cisco ASA+FireSight.
4. I have no outside RADIUS/TACACS/LDAP/AD server and PEFNG license:(
Is there any solution to do like that?
My idea is to use different MAC authentification profiles with different delimiters. Thus, I will (I hope:)) have 3 virtually "different" MAC bases in internal DB and will be able to set up different User Derivation Rules based on MAC for different SSIDs.
I'd like to know will it work?
Is there some "stright" and documented way or any good ideas to try?
Thank a lot in advance!
BR
Alex
#7210