Differentiate between wireless LANs

We are using ACS 5.2 as a RADIUS server for our wireless network. Our current wireless LAN is WPA2 with 802.1X enabled. ACS is checking against AD. We would like to set up a new wireless SSID for internal staff that we would grant permission to use. It would be less firewalled, and the staff member needs to sign a form to use it. So two questions:
1. How do we differentiate between the SSIDs when the RADIUS requests come in? When someone tries to connect to the internal staff SSID and tries to auth, how can we separate that out from the rest of the wireless connections?
2. How do we only grant permission to certain people? We would want to add the username to the internal users group, but have the password auth against AD instead of typing one in.
Thanks for any help you guys can give.

Hi,
When a RADIUS request arrives at the ACS, it contains the SSID the user is trying to connect to.
Please take a look at this document, which explains that the SSID name is present in RADIUS attribute 30, Called-Station-ID:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml.
Using ACS 5.x, you need to create a rule that compares that attribute with the ssid name you want to filter.
Please take a look at the screenshot example:
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
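
The rule described in the answer above, modelled as an added Python example (not part of the original thread and not ACS code): it parses a RADIUS Access-Request, pulls the SSID out of Called-Station-Id (attribute 30, in the `<AP MAC>:<SSID>` form) and applies a staff-only check. The SSID `Staff-Internal`, the usernames and the sample packets are constructed, and the password check against AD is assumed to happen separately.

```python
import re
import struct

USER_NAME, CALLED_STATION_ID = 1, 30      # RADIUS attribute types (RFC 2865)
STAFF_SSID = "Staff-Internal"             # hypothetical SSID name
STAFF_ALLOWED = {"alice", "bob"}          # hypothetical users who signed the form
_CSID = re.compile(r"^((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}):(.*)$", re.S)


def build_access_request(attrs, ident=1):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, ident, 20 + len(body), bytes(16)) + body


def parse_attributes(packet):
    """Return {type: [values]} from a RADIUS packet, rejecting malformed TLVs."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def ssid_of(attrs):
    """Extract the SSID from Called-Station-Id, or None if absent/unparseable."""
    values = attrs.get(CALLED_STATION_ID)
    if not values:
        return None
    m = _CSID.match(values[0].decode("utf-8", "replace"))
    return m.group(2) if m else None


def authorize(packet):
    """Staff SSID requires list membership; other SSIDs get the default profile."""
    attrs = parse_attributes(packet)
    # Usernames are compared case-insensitively, as AD logon names are.
    user = attrs.get(USER_NAME, [b""])[0].decode("utf-8", "replace").lower()
    ssid = ssid_of(attrs)
    if ssid is None:
        return "deny: no SSID in Called-Station-Id"
    if ssid == STAFF_SSID:             # exact match, not a substring test
        if user in STAFF_ALLOWED:
            return "permit: staff profile"
        return "deny: not approved for staff SSID"
    return "permit: default wireless profile"
```

The SSID is compared for exact equality after the MAC prefix is stripped, so a similarly named SSID that merely contains the staff name does not match the staff rule.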

Similar Messages

  • Inline Posture between Cisco ISE and Wireless LAN Controller

    Hi,
    I was looking into Cisco ISE solution for deploying NAC.
    I have a question about the network topology.
    In the user guide documents of Cisco ISE, it is written that for Wireless LAN Controllers (WLC) and VPN devices, an additional server, Inline Posture, is needed.
    However, in the following integration document, there is not an inline posture between WLC and Cisco ISE server.
    https://supportforums.cisco.com/docs/DOC-18121
    I want to know if Inline Posture is a requirement and, if it is not a requirement, what the benefits are of having it between the Cisco ISE server and WLC.
    Thanks & Regards
    Sinan

    Hello,
    Please go through below mentioned links which might be helpful for you.
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ipep_deploy.html
    http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_deploy.html
    Best Regards,

  • Voice over IP Roaming problems between 2 Wireless Lan Controllers.

    Hello,
    We have problems with Voice over IP roaming between 2 Wireless LAN Controllers; this problem is not always happening. I have attached the detailed configuration. We are using LWAPP 1242 & WLC 2106 Controllers.
    The phones they are using are Siemens Enterprise optiPoint WL2.
    Is there maybe something wrong with the configuration, or can I try some different settings?
    Regards,
    Jordy Broekhuizen

    When a wireless client associates and authenticates to a WLC, it places an entry for that client in its client database. This entry includes the MAC and IP addresses of the client, security context and associations, quality of service (QoS) contexts, the WLAN, and the associated LAP. When a client roams to another LAP associated to the same WLC, it just updates the client database with the new LAP information so that the data can be forwarded appropriately to the client. When a client roams to a LAP associated with a different WLC, either in same or different subnets, it sends the information in the client database to the new WLC. This helps client to retain its IP address across roams and maintain uninterrupted TCP sessions. For more information on roaming in the WLC environment.
    For the further description following URL for the WLC may help you
    http://www.cisco.com/en/US/docs/wireless/controller/5.1/configuration/guide/c51ovrv.html

  • Best Practice for DHCP when Anchoring to a Guest Wireless LAN Controller

    Hi all,
    I'm interested in the community's opinion in relation to DHCP provisioning when using auto-anchor/guest tunneling.
    As far as I can tell, one cannot use the internal DHCP on the anchor controller when using auto-anchor due to incompatibility between the auto-anchor feature and DHCP Option 82.
    The scenario is as follows:
    Guest controller is the anchor which provides Internet access to guests.
    There is a foreign controller which is configured to anchor to the guest controller.
    The internal DHCP server is configured on the guest anchor controller, therefore DHCP proxy must be enabled for DHCP to work.
    DHCP proxy enables Option 82.
    The guidelines for guest tunneling state that DHCP Option 82 isn't supported. (Ref: Deploying and Troubleshooting Cisco Wireless LAN Controllers - Ch14)
    So, the internal DHCP server requires DHCP proxy to be enabled; this in turn enables Option 82, which stops DHCP leases being made to clients connected to the foreign controller.
    Given that a guest WLC would normally be placed in a DMZ, the internal DHCP server may often be the only DHCP solution available.
    I look forward to hearing your opinions.
    Thanks
    Rhodri Jenkins

    There are a couple of options here if you need to get proxy disabled:
    1) pinhole with an ACL that allows DHCP to pass to your internal servers
    2) run DHCP on a switch, router, or firewall in the DMZ
    3) if you are using a cable modem or DSL for the guest users, you can let that do the DHCP
    In general I've seen most of these in play, but I like option 2 myself.

  • How to replace the certificate of Cisco 2106 wireless LAN controller for CAPWAP ?

    I am interested in the CAPWAP feature and I downloaded the open capwap project to make an Access Controller (AC) and Wireless Terminal Point (WTP). I built the AC using a PC and the WTP using an Atheros AP. The CAPWAP feature works well when I use my own AC and WTP. When I got the Cisco 2106 wireless LAN controller (Cisco WLC), I configured the Cisco WLC to replace my own AC, but I got an authorization failure on the Cisco WLC side. It seems the Cisco WLC could not recognize the CAPWAP message sent from my own WTP. I think this issue just needs the certificate to be synchronized between the Cisco WLC and WTP. So I need to replace the Cisco WLC's certificate manually. Does anyone know how to replace the certificate manually on the Cisco WLC?
    Best Regards,
    Alan

    Unfortunately this Support Community is for Cisco Small Business & Small Business Pro product offerings. The WLC2106 is a traditional Cisco product. You can find this type of support on the Cisco NetPro Forum for all traditional Cisco products.
    Best Regards,
    Glenn

  • Can cisco CAP2702i connect to Cisco3850 switch with wireless LAN controller license via another switch ?

    If I connect a Cisco AP (CAP2702i) to another switch, and use a trunk port between the Cisco3850 and the other switch, will the AP be able to register with the Cisco3850 wireless LAN controller? Or does the AP have to connect directly to the Cisco3850 in order to register?

    The AP and the 3850 wireless management are in the same VLAN (vlan202). The AP is a new unit and has not joined an MC before.
    What I did on the 3850 (commands entered):
      - wireless management interface vlan 202
      - ap cdp
      - wireless mobility controller
    Is there any config I missed on the 3850, and does any config need to be set on the AP?
    The AP console output shows me "could not discover WLC using dhcp ip". Is it because the AP doesn't have an IP address? If the AP registers with the WLC through layer 2, I believe it is not related to IP. Correct me if I'm wrong.
    Because the 3850 is not PoE, the AP cannot connect directly to the 3850. I guess I have to use a power adapter to power on the AP.

  • G400 Wireless LAN and Bluetooth Drivers

    Hi Sir/Ma'am,
    Good Day,
    Apologies for such a noob question. Actually, I was planning to reformat my laptop; however, I am getting confused as to why there are 2 drivers for wireless LAN as well as Bluetooth (based on the Lenovo Drivers site).
    For Wireless Driver:
    There's a: Intel and b: Atheros, Broadcom, Realtek
    For Bluetooth:
    There's a: Intel and b: Liteon/Atheros, Broadcom
    Please refer to screenshot.
    Just want to clarify, do I need to install both of these drivers or just choose 1 (between the Intel and the Atheros/Broadcom).
    Apologies for the noob question.
    God Bless,
    Thanks

    OK:
    You need these drivers...
    Wireless:
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-142231-1&cc=us&dlc=en&lc=en...
    Bluetooth:
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-139921-1&cc=us&dlc=en&lc=en...

  • Two wireless LANs?

    Hi all,
    I recently picked up a 2504 wireless controller and two 3702i APs.  It is all for my home, and I will be connecting it all soon.  I simply want to create two wireless networks; one for "production" and one "guest" network, which will allow internet access and nothing more.  I'd like that to be for phones, iPads, game consoles, etc...
    I've found that many of those types of devices don't work on the 5GHz band, so I would like to make the production network 5GHz while the guest network would be 2.4GHz.
    My first question is...  Can I do this?
    My second question is...  If so, how?
    And my last question is...  How do I ensure that devices connected to guest have no access to the production network?
    Any other questions I should be asking?
    Thanks!

    Yup!
    1) On the WLC create 2 dynamic interfaces and give them each an IP address. These very interfaces are the gateway between the wired and wireless LAN controller. Then you can tie the dynamic interfaces to WLC ports.
    2) On the switch you will want to add these 2 VLANs and connect them to the respective ports.
    See the config guide for step by step. It's not really hard.
    You can configure WLANs, one for production and one for guest. You can even do your own personal guest page if you like. Check out WebAuth on a Cisco WLC.
    As for securing the guest from the production: on the wired side SVI you can put a simple ACL.
    Hope this helps

  • 2 wireless lan controlers 1 guest webpage

    hello every one
    is it possible to have 2 wireless lan controller and 1 webpage.
    but with no external of radius server.

    Be sure to have enough licenses on the DMZ WLC.
    Internal WLC – FW1 – DMZ WLC – FW2 – Internet – OEAP600
    FW1:
      - UDP 16666, 67 bi-directional between WLCs; IP protocol 97 bi-directional between WLCs
      - TCP 80/443, 22 to DMZ WLC from internal
      - UDP 69 to WCS from DMZ WLC
      - UDP 161 to DMZ WLC from WCS
      - UDP 1812, 1813 to Cisco ACS from DMZ WLC
    FW2: Allow UDP 5246, 5247 to DMZ WLC from Internet.

  • Best way to extend wireless LAN into neighboring cottage

    Greetings wireless gurus...
    I have an existing wireless LAN set up in my house using an AEBS. It works very well. Now I'd like to extend coverage into a neighboring cottage.
    There's about 25 feet of open space between the two structures. The AEBS is placed at the point inside the house closest to the cottage, so the signal currently must tunnel through 2 stucco walls. I currently get a mediocre signal within the cottage & would like to improve it. For various reasons, I don't want to run an Ethernet cable across the open space.
    What do you recommend?
    Should I buy an external antenna for the AEBS, perhaps mounting it somewhere on the outside wall of the house?
    Should I install an AirPort Express somewhere inside the cottage?
    As an additional complication, my AEBS is operating on channel 1 while I have neighbors who use channels 6 and 11; what channel should I operate a 2nd access point on?
    Thanks in advance for your help.
    Regards...
    zenbum

    Extending the wireless network with an Airport Express inside the cottage won't help - it would have the same problem picking up a signal that a Mac located inside the cottage has. To do any good, the Airport Express device would have to be located outside at some point midway between the house and the cottage. Clearly, an impractical solution.
    An external antenna attached to the Base Station might help - see the products at http://www.quickertek.com/ . The external antennas sold via the Apple store provide disappointing performance according to most user reports here.
    Another option, if the cottage derives its power supply connection from the main house, is to use the "HomePlug" power line networking solution. I'll leave it to you to research that option, which uses a method completely unrelated to WiFi wireless networking to distribute a wireless connection throughout a home via the existing electrical cables.

  • To establish a wireless LAN.......

    I want to establish a wireless LAN between six different buildings. The distance between each building is approx. 300 to 400 meters. This is my office campus and it is situated near the seaside. Please suggest which Cisco product is suitable for me.

    Wireless Bridges Point-to-Point Link Configuration Example

  • PDASync over wireless LAN or WAN

    Hi,
    Is it possible to use PDASync over wireless LAN (using 802.11b
    card/attachment from Palm or Handspring device) or wireless WAN (CDPD or
    CDMA modem)?
    I know that currently it is used via the serial port on a Solaris
    workstation for sync ... but interested to do the same over a wireless
    network ..
    Any info will be helpful ...
    Thanks,
    Sailen

    Thanks for the reply.
    I think that is the solution I was looking at. I think the WAN-LAN was 192.168.2.1, but I will be setting up a CAT5 from room to room between routers.
    Ok. I guess here lies my confusion from what I read, as well as my utter lack of knowledge playing its part.
    If I disconnect the WRT600 from my desktop and hook up the WRT54G (with no other connections to the internet), how do I set the IP without first resetting the web interface logon from the WRT600 to the WRT54G? If I just log on as normal, it will be, and is, the WRT600 web interface with all the WRT600 advanced settings. (I did use the same username for both routers. Could that be the issue?)
    Or is my thinking incorrect, which it might be, in that the webinterface login, currently set to the WRT600, and currently displaying all the settings for the WRT600, is supposed to change when I connect the WRT54G. It does not, when logging in as normal.
    This is where I think I read about resetting the router preferences to allow for the 'admin' logon to be reset to what would be the WRT54G preferences, which are different, but would allow for changing the DHCP and IP.
    Possibly my issue is How. How do I get back to the WRT54G webinterface to make these changes?
    If I go to 192.168.1.1, as stated already, it will be the WRT600 logon.
    Thanks
    ORA

  • Wireless LAN for SMB

    Dear all,
    My company planning to use WLAN instead of using LAN for the coming next few years.
    I'm doing research on how and what to do if want to use WLAN in our company for around 100 users.
    Appreciate if WLAN experts could provide some info needed.
    Tq!

    > My company planning to use WLAN instead of using LAN for the coming next few years.
    Bad decision. For the time being, you cannot replace wired LAN with wireless.
    There's a major weakness with wireless LAN: Wireless LAN behaves like a hub. When one talks everyone else stops to listen and waits for their turn.
    In a fully-wireless LAN environment one has to constantly monitor the state of your wireless APs: contention ratio between users to an AP, channel interference, signal strengths, etc. Wired LAN and wireless LAN go hand-in-hand. There are reasons why you want to use wireless and this is purely mobility. If you are mostly sitting behind your desk, then wired is the way to go.
    The reason why your company wants to go wireless is the cost to roll out a site with wired infrastructure. We've tried this. We've talked to the clown who made this decision but he wasn't listening. So what we did was take a step back, sold tickets and popcorn. When the time came to turn this setup on, we just watched the fireworks go up.
    Please consider this: If you have a wired and wireless LAN and if your WLAN fails, what is your backup/fallback? Your wired LAN, right? Ok. Now if you are fully wireless LAN and you don't have wired LAN to your desktop and your WLAN fails, what is your backup/fallback?

  • Wireless LAN driver can't load after BIOS update NB550D

    Hi
    I have a new NB550D and have just installed the recommended BIOS update. Now the Wireless LAN driver can't load (error code 31).
    I tried installing the latest driver off the Toshiba website but it still can't be loaded by Windows...
    Everything was fine before this! Any ideas?

    > In the Device Manager the Atheros Wireless is shown
    This means that the Wlan driver was installed properly and the issue could be related to configuration between Wlan card and Wlan router.
    You should check if the notebook can connect to Wlan router without the usage of any encryption settings.
    Disable the WEP/WPA encryption and test the connectivity. Of course this should be done only for test attempts.
    Are you sure that the Wlan is enabled? Enable this using FN + F8

  • HP Officejet 6500, Windows XP and 7, wireless LAN security code is not accepted

    The security code of my wireless LAN is not accepted by the HP6500A. According to the diagnostic software of HP, a code consisting of more than 50 characters is required (the total number of characters cannot be identified because the code runs out of the window). The security code of the router consists of 12 characters. Resetting the printer is not solving the problem.
    This problem was identified after reinstalling the software after problems with printing: connection with the printer was identified; message: "busy with printing", but no printing result at all.

    Security codes can be in ASCII or HEX. I'm guessing that the diagnostics is reporting HEX and the printer entry is in ASCII.
    You can try running the diagnostics SW on the Windows 7 computer. It might return the key in ASCII.
    A good option is to get the password from somewhere other than the diagnostics. Maybe you stored it somewhere or wrote it down? Once you get it, try to enter it from the front panel.
    Can I get a little information from you?
    What router brand model?
    What security mode are you using (WEP, WPA, WPA2)?
    Which model of the 6500 do you have (6500 or 6500a)?
    I am employed by HP
