I forgot to say that we use H-REAP, so we do not authenticate it in the WLC.

Regards,

Gustavo Vieira Oliveira

GETIC - Gerência de Tecnologia da Informação
SUSERV - Superintendência de Serviços Compartilhados

Sistema FIESC
Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC
Fone (48) 32314699 - Ramal 44699
http://www.sistemafiesc.com.br

On 12/07/2013 12:14, Olivier Beytrison wrote:
> On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote:
>> I need some help with RADIUS regarding Wireless authentication with
>> RADIUS + LDAP.
> Hello. Which version of FreeRADIUS are you running?
>
>> I need to check if the user has permission to connect to a specific
>> SSID, so we check an LDAP attribute for that.
> Pretty easy.
>
>> By that, we need to know from which SSID the authentication is being
>> requested so we use a specific LDAP Filter to search the base and grant
>> or deny the permission.
>>
>> We tried to use two instances of RADIUS, one per SSID, but the Wireless
>> Controller doesn't seem to support it (supports only one AAA per AP).
> Oh, what?
>
>> That's why I'm asking for help in case you people have some alternatives
>> or ideas to solve it.
>>
>> The setup is based on Cisco Wireless Controller 5508.
> I'm also setting up WLC-5508 right now on my side.
>
> First, the AAA servers are defined per SSID. So you can specify
> different RADIUS servers (or simply ports) for each SSID.
>
> Secondly, you can now customize the NAS-Identifier on a per SSID basis
> (at least in release 7.4).
>
> Finally, the Called-Station-Id will contain the SSID name. If you use
> the policy rewrite_called_station_id it will populate the attribute
> Called-Station-SSID with the SSID Name.
>
> So all the tools to do it easily are in your hands.
>
> Olivier

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
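
The SSID-based check discussed in this thread, modelled in Python as an added example (not code from either poster and not FreeRADIUS's own policy): it splits a Called-Station-Id into MAC and SSID, then builds the per-SSID LDAP filter with the user name escaped, rejecting unknown SSIDs. The `MAC:SSID` layout, the SSID names, the `uid` and `wifiSsid` attributes and all function names are assumptions for illustration.

```python
import re

# Assumed layout: "<AP MAC>:<SSID>", with any single separator inside the MAC.
_MAC = r"[^0-9a-f]?".join([r"([0-9a-f]{2})"] * 6)
_CSID_RE = re.compile(rf"^{_MAC}(?::(.+))?$", re.IGNORECASE)

# Hypothetical policy: SSID -> value the user must carry in the
# hypothetical LDAP attribute "wifiSsid". Unlisted SSIDs are denied.
SSID_POLICY = {"Corp-Staff": "staff", "Corp-Guest": "guest"}


def split_called_station_id(value):
    """Return (normalised_mac, ssid_or_None), or None if the value is malformed."""
    m = _CSID_RE.match(value)
    if not m:
        return None
    mac = "-".join(octet.lower() for octet in m.groups()[:6])
    return mac, m.group(7)


def ldap_escape(value):
    """Escape the RFC 4515 filter metacharacters so user input stays a literal."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def ldap_filter_for(user_name, called_station_id):
    """Build the per-SSID search filter; None means reject the request."""
    parsed = split_called_station_id(called_station_id)
    if parsed is None or parsed[1] not in SSID_POLICY:
        return None  # malformed attribute, no SSID, or SSID not in policy
    required = SSID_POLICY[parsed[1]]
    return "(&(uid=%s)(wifiSsid=%s))" % (ldap_escape(user_name), required)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for user, csid in [
        ("gustavo", "00-1A-2B-3C-4D-5E:Corp-Staff"),
        ("a*)(uid=*", "001a.2b3c.4d5e:Corp-Guest"),
        ("gustavo", "00-1A-2B-3C-4D-5E:Other"),
    ]:
        print(user, csid, "->", ldap_filter_for(user, csid))
```

Escaping the user name matters here because the filter is assembled from a value the client supplies; without it, a crafted User-Name could widen the search and match an entry that carries the required attribute.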
