IÍm setting up a new WLAN with a WLC880R and an IC 4500.
I've 3 SSIDs:
SSID A: Local LAN on the Switch (no vlan ID)
SSID B: Local VLAN on the Switch (id: 1000)
SSID C: Tunnel to WLC with local LAN and Sign-In Page on the WLC
The Network basic Setup is working (Sign-IN Page with local User on the WLC, connecting to the right VLAN based on the SSID. The SSID is protected by WPA-PSK for testing)
SSIDs A and B should be authenticated against an AD via UAC.
A with Username+Password (+ certificate)
B with Username+Password
SSID C against a local Database on the UAC.
Can I identify the on the UAC from witch SSID the user tries to connect to WLAN?
With this information, it should be possible to write 3 different rule-sets?
Is this scenario possible?
Yes your requirement should be possible.
Typically, SSID is sent from WLC using radius attribute Called-Station-ID.
You need create radius request attribute policy and match above said attribute for realm selection.
Based on ream selection you could assign authentication database.
Hope this helps!
Yes this is possible and I have seen this working in many sites
You need to have Radius attribute request policies configured for each SSID and enable this request policues under respective relams under Authentication Policy section where we have authentication server and role mapping rules also enabled.
You can access the below URL;s to understand more on
Hope this helps,
I'm trying to differentiate users regarding their SSID names but Called-Station-ID does not work. Can you please help me?
Take a packet capture and look at the RADIUS attributes that are sent from the WLC.
Some WLCs will use Called-Station-ID. Others, like Aruba, use a VSA called "Aruba-ESSID".
Once you know which attribute the SSID is sent in, you can then create a RADIUS Request Attribute policy to select the correct realm or use it for role mapping rules.
Hope this helps