I have a WLC that currently authenticates employees against an ACS via 802.1x/AD.
I've added a second WLAN for guest access and have set up the WLC web authentication to pass credentials to the ACS. I've created a local identity store on the ACS for guests.
The problem I am having is the local user is being denied access because it is matching to the Access Service that the employees use.
If I move the Guest rule to the top of the access service selection, it works, but it breaks the employee wireless.
I've looked at all the available fields on the rules and I don't see how I can differentiate between two different WLANs coming from the same device. I tried matching IP range, but when looking at the troubleshooting, the IP field is blank, and the MAC field shows the IP of the endpoint. I'm wondering if this is because the WLC is proxying the authentication requests.
Does anyone have suggestions on how to differentiate between the WLANs?