Wireless 802.1x criteria for multiple SSIDs
Hello.
We currently have 1 SSID that has 1 policy in NPS that lets us select the criteria that they must meet to connect. However we want to change this to lets say 3 SSIDs which the following users can connect to:
SSID1, interface1
UserA
UserB
SSID2, interface2
UserA
UserC
SSID3, interface3
UserD
UserC
From what I can gather, vendor specific attributes don't do exactly what I'm after. Looking here, Cisco Airespace VSAs on MS IAS Radius Server Configuration Example - Cisco Systems it seems that these will override what I've configured on our Cisco WLC. I.e. it will change the configured SSIDs interface to the one that it matches first in NPS? Therefore a single user can't have access to both SSIDs and their configured interface.
What I'm after is for UserA to connect to SSID1 they also get the configured interface for that SSID. Same for SSID2 but if they try to connect to SSID3 then they would get refused as they are not part of the required group.
Can anyone point me in the right direction?
Thanks.
Edit: Don't know why I didn't find this when I searched for this before talking to the server team. It turns out the SSID is included in the DNIS or called-station ID. Has anyone successfully done it this way?
We currently have 1 SSID that has 1 policy in NPS that lets us select the criteria that they must meet to connect. However we want to change this to lets say 3 SSIDs which the following users can connect to:
SSID1, interface1
UserA
UserB
SSID2, interface2
UserA
UserC
SSID3, interface3
UserD
UserC
From what I can gather, vendor specific attributes don't do exactly what I'm after. Looking here, Cisco Airespace VSAs on MS IAS Radius Server Configuration Example - Cisco Systems it seems that these will override what I've configured on our Cisco WLC. I.e. it will change the configured SSIDs interface to the one that it matches first in NPS? Therefore a single user can't have access to both SSIDs and their configured interface.
What I'm after is for UserA to connect to SSID1 they also get the configured interface for that SSID. Same for SSID2 but if they try to connect to SSID3 then they would get refused as they are not part of the required group.
Can anyone point me in the right direction?
Thanks.
Edit: Don't know why I didn't find this when I searched for this before talking to the server team. It turns out the SSID is included in the DNIS or called-station ID. Has anyone successfully done it this way?