Hi,
I'm setting up a new WLAN with a WLC880R and an IC 4500.
I've 3 SSIDs:
SSID A: Local LAN on the Switch (no vlan ID)
SSID B: Local VLAN on the Switch (id: 1000)
SSID C: Tunnel to WLC with local LAN and Sign-In Page on the WLC
The Network basic Setup is working (Sign-IN Page with local User on the WLC, connecting to the right VLAN based on the SSID. The SSID is protected by WPA-PSK for testing)
SSIDs A and B should be authenticated against an AD via UAC.
A with Username+Password (+ certificate)
B with Username+Password
SSID C against a local Database on the UAC.
Can I identify on the UAC from which SSID the user tries to connect to the WLAN?
With this information, it should be possible to write 3 different rule-sets?
Is this scenario possible?
Regards
Sebastian
Hello Sebastian
Yes, your requirement should be possible.
Typically, SSID is sent from WLC using radius attribute Called-Station-ID.
You need to create a radius request attribute policy and match the above said attribute for realm selection.
Based on realm selection you could assign the authentication database.
Hope this helps!
Regards,
Raveen
Yes this is possible and I have seen this working in many sites
You need to have Radius attribute request policies configured for each SSID and enable these request policies under the respective realms under the Authentication Policy section, where we have authentication server and role mapping rules also enabled.
You can access the below URLs to understand more on
Hope this helps,
Regards,
Kannan
Hello,
I'm trying to differentiate users regarding their SSID names but Called-Station-ID does not work. Can you please help me?
Omer
Take a packet capture and look at the RADIUS attributes that are sent from the WLC.
Some WLCs will use Called-Station-ID. Others, like Aruba, use a VSA called "Aruba-ESSID".
Once you know which attribute the SSID is sent in, you can then create a RADIUS Request Attribute policy to select the correct realm or use it for role mapping rules.
Hope this helps
Thanks
Craig
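Craig's suggestion above, as an added example that is not part of the thread or any vendor's code: a Python parser that walks the attributes of one captured RADIUS Access-Request and reports which attribute carries the SSID. The Aruba vendor ID (14823) and vendor type (5) are assumptions to confirm against your own capture, and the sample packets, user names, MAC address and SSID names are constructed.

```python
import re
import struct

CALLED_STATION_ID = 30    # RFC 2865 attribute type
VENDOR_SPECIFIC = 26      # RFC 2865 attribute type
ARUBA_VENDOR_ID = 14823   # assumption: Aruba enterprise number, confirm in your capture
ARUBA_ESSID_TYPE = 5      # assumption: vendor type of the ESSID VSA, confirm in your capture
# RFC 3580 layout: AP MAC address, then ":" and the SSID when the SSID is known
MAC_SSID = re.compile(r"(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}:(.+)")

def radius_attributes(packet):
    """Yield (type, value) for every attribute in one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def find_ssid(packet):
    """Return (attribute name, SSID) for the first attribute carrying an SSID, else None."""
    for atype, value in radius_attributes(packet):
        if atype == CALLED_STATION_ID:
            m = MAC_SSID.fullmatch(value.decode("utf-8", "replace"))
            if m:
                return ("Called-Station-Id", m.group(1))
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (ARUBA_VENDOR_ID, ARUBA_ESSID_TYPE) and 2 <= vlen <= len(value) - 4:
                return ("Aruba-ESSID", value[6:4 + vlen].decode("utf-8", "replace"))
    return None

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_request(*attrs):
    """Constructed Access-Request (zeroed authenticator) used as sample input."""
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: user names, MAC address and SSID names are made up.
SAMPLE_CSID = build_request(_attr(1, b"user1"), _attr(30, b"02-00-00-00-00-01:SSID-B"))
SAMPLE_VSA = build_request(_attr(1, b"user2"), _attr(30, b"02-00-00-00-00-01"),
                           _attr(26, struct.pack("!I", ARUBA_VENDOR_ID) + _attr(5, b"SSID-C")))

if __name__ == "__main__":
    for name, pkt in (("SAMPLE_CSID", SAMPLE_CSID), ("SAMPLE_VSA", SAMPLE_VSA)):
        print(name, find_ssid(pkt))
```

If `find_ssid` returns `None` for a real Access-Request, the controller is not sending the SSID in either attribute, and a realm-selection policy matching on them will never fire.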