Collin,
Below answers for your questions;
What are the Application Requirements for both groups of people?
The Ex-SSID (in producation): KAMC_Users = (LAN access only), all IP Traffic. (Policy name on radius: KAMC_Wireless_Users)
The New-SSID (to be in producation): KAMC_Mobile_Devices = (Internet Access only, no access to LAN resources ), all Internet traffic like web & apps. (Policy name on radius: Secure Wireless Connection)
What do they need to access?
Same as above
How do you want it restricted?
By using active directory groups
i.e. ‘Internet users group’ will have access to Internet only (LAN resources are not available to them ‘except AD authentication’)
‘other kamc user groups’ will have access to all LAN resources except Internet.
How many different types of users do you really have?
2 types as mentioned above.
---------------
Guys, the problem is as I mentioned in my 2nd post; when I'm going:
to disable (Policy name on radius: KAMC_Wireless_Users) which is not accptable because it's in producation
then (Policy name on radius: Secure Wireless Connection) will work fine.
to enable (Policy name on radius: KAMC_Wireless_Users) which is as always as enabled
then (Policy name on radius: Secure Wireless Connection) will not work.
-----------------------
Hi all,
Problem can be solved with new hardware requiements:
- A New RADIUS server with Device profiling (Devices Classification) capabilities such as Aruba ClearPass Policy Manager.
- Aruba Policy Enforcement Firewall to be activated on the controllers. Aruba firewall can apply different policies/VLANs based on users and device type together.
Thank you ALL....^_^