1. Home
  2. Cisco Systems
  3. Wireless Control System, Radius, and controller configuration

Wireless Control System, Radius, and controller configuration

We're just starting with the cisco Wireless Control System. We'd like to utilize it as follows:

User logs in to the login.html bundle. The bundle passes off username/ password to our wireless radius server, which returns success/fail and, if success, the SSID the user should be assigned to, if fail, the "guest" SSID.

How can we configure the controller's radius client to accept the SSID for the user and the user's ID, so that the user can associate with the access point geographically appropriate for the user?

Thank you!

Reply to
carcarx
Loading thread data ...

~ We're just starting with the cisco Wireless Control System. We'd like ~ to utilize it as follows: ~ ~ User logs in to the login.html bundle. The bundle passes off username/ ~ password to our wireless radius ~ server, which returns success/fail and, if success, the SSID the user ~ should be assigned to, if fail, the ~ "guest" SSID. ~ ~ How can we configure the controller's radius client to accept the SSID ~ for the user and the user's ID, so that the user can associate with ~ the access point geographically appropriate for the user? ~ ~ Thank you!

This isn't behavior that you can control from the infrastructure side - it's up to the client device to decide which SSID it will try to associate to, and which AP within that SSID to use.

Aaron

Reply to
Aaron Leonard

Thanks, Aaron! Looks like cisco document ID 71683 tells me what I needed to know!

Reply to
carcarx

Hi there,

Im sysadmin for 6-7 years with big experience in radius in general, also made my own radius + oracle + wifi + wired solution so if you have any questions, i have some free time for few days so you can contact me on mail.

Damir

Reply to
sircco

Hvala, Damire!

Do you have any Perl code that stuffs a buffer with both the access- accept and VLAN attributes, along the lines of:

my $resp = new RADIUS::Packet $d; $resp->set_code('Access-Accept'); $resp->set_attr('Tunnel-Type','VLAN'); $resp->set_attr('Tunnel-Medium-Type','802'); $resp->set_attr('Tunnel-Private-Group',"123");

my $respdat = auth_resp($resp->pack, "mysecret");

Hvala mnogo!

Reply to
carcarx

Is this maybe Radiator radius server we're talking about? Whatever it is I suggest you do the following Make realm or handler or anything else that will filter your specific group of users you're trying to handle and

do

AddToReply Tunnel-Type = VLAN, \\ Tunnel-Medium-Type = 802, Tunnel-Private-group = 123

If you give me your specific radiator implementation i can give you more specific answer. Also if you are planning to use database for all of your authentication then its similar implementation,but i can explain.

Damir

Reply to
sircco

No. It'll be FreeRadius on Linux.

The "hook" Free Radius gives us is rlm_perl and that's fine. I can deal with the db just fine.

Reply to
carcarx

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.