Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

SSID Access Control

  • 1.  SSID Access Control

    Posted Apr 24, 2014 10:49 AM

    Hi,

    Do you have any ideas how to make these work:

    1. Students can only connect to the student SSID ONLY

    2. Staff can only connect to the staff SSID ONLY

    For example:

    - Students won't be able to connect to the staff SSID (fail to connect)

    - Staff won't be able to connect to the student SSID (fail to connect)

    What needs to be configured inside the controller and RADIUS / LDAP?

    Thanks



  • 2.  RE: SSID Access Control

    EMPLOYEE
    Posted Apr 24, 2014 10:56 AM

    Best practice would be to have a single SSID with roles being assigned by the RADIUS server.

     

    What is your RADIUS server? ClearPass?



  • 3.  RE: SSID Access Control

    Posted Apr 24, 2014 11:21 AM

    I can't do that because it's in production. It's not ClearPass, it's normal RADIUS. Can I do that?



  • 4.  RE: SSID Access Control

    Posted Apr 24, 2014 12:25 PM

    EDIT: the question was already asked by TCappy



  • 5.  RE: SSID Access Control

    Posted Apr 24, 2014 12:32 PM
    This is the user's RADIUS. I think they use Windows Server as the RADIUS.

    Thanks,

    Regards,

    Shaiful Adli bin Yaakob
    Acelync Networks Sdn Bhd


  • 6.  RE: SSID Access Control

    Posted Apr 24, 2014 01:05 PM

    I used to do something similar with Microsoft IAS using the Filter-Id RADIUS attribute and a server rule I set up.

    Start with the RADIUS attribute.

    When a student authenticates, have IAS send a Filter-Id of "Student" in the RADIUS accept message.

    Likewise, send a Filter-Id of "Staff" for staff authentications.

    You will need to create a unique server group for each SSID. The servers within the server group can be the same.

    Under the Server Rules section of the server group configuration, create a rule to block access. Something like:

    aaa server-group "Staff"
      set role condition "filter-Id" equals "Student" set-value denyall position 1

    aaa server-group "Student"
      set role condition "filter-Id" equals "Staff" set-value denyall position 1

    Hope this will help.
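Added example, not part of the original thread and not ArubaOS code: a small Python model of the per-SSID rule from post 6, run against constructed Access-Accept attributes, that goes one step beyond the post by comparing the deny-list rule with an allow-list variant. It assumes `equals` is an exact string match, that rules are tried in position order, and that a user matching no rule gets the profile's default role; `staff-role` is a hypothetical role name.

```python
# Simplified model of first-match server-derived role rules (not ArubaOS code).
# Assumptions: "equals" is an exact string match, rules are tried in position
# order, and a user matching no rule receives the profile's default role.
from typing import NamedTuple


class Rule(NamedTuple):
    position: int
    attribute: str
    equals: str
    role: str


def derive_role(rules, default_role, attrs):
    """Return the role for an Access-Accept carrying the attributes `attrs`."""
    for rule in sorted(rules, key=lambda r: r.position):
        if attrs.get(rule.attribute) == rule.equals:
            return rule.role
    return default_role


# Deny-list form from post 6: the Staff SSID's server group blocks "Student".
# "staff-role" is a hypothetical name for the SSID's default role.
STAFF_DENYLIST = ([Rule(1, "Filter-Id", "Student", "denyall")], "staff-role")

# Allow-list variant: only "Staff" earns access; everything else is denied.
STAFF_ALLOWLIST = ([Rule(1, "Filter-Id", "Staff", "staff-role")], "denyall")

# Constructed Access-Accept attribute sets seen on the Staff SSID.
SAMPLES = {
    "staff user": {"Filter-Id": "Staff"},
    "student user": {"Filter-Id": "Student"},
    "policy sends no Filter-Id": {},
    "typo in IAS policy": {"Filter-Id": "student"},
}


def evaluate(config):
    """Map each sample to the role the given (rules, default_role) assigns."""
    rules, default_role = config
    return {name: derive_role(rules, default_role, a) for name, a in SAMPLES.items()}


if __name__ == "__main__":
    for label, config in (("deny-list", STAFF_DENYLIST), ("allow-list", STAFF_ALLOWLIST)):
        print(label)
        for name, role in evaluate(config).items():
            print(f"  {name:28} -> {role}")
```

In this model the deny-list rule blocks only an exact "Student" value, so an account whose policy sends no Filter-Id, or a differently spelled one, falls through to the Staff SSID's default role, while the allow-list form denies those cases.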

     

     



  • 7.  RE: SSID Access Control

    Posted Apr 24, 2014 12:56 PM

    Can you give me the link?

    Thanks.



  • 8.  RE: SSID Access Control



  • 9.  RE: SSID Access Control

    Posted Apr 24, 2014 01:58 PM

    I understand what you're saying. Will the deny all prevent the user from becoming connected with the user ID at all? I hope the user gets something like unable to connect.