Re: Same IAS, Same AP, different laptop solution
- From: "News Users" <tim@xxxxxxxxxxxxxxxx>
- Date: Thu, 30 Jun 2005 08:34:23 +0100
Hi
Not different raduis servers. Thats the problem. Same radius server, same
AP, only different SSIDs.
I need the IAS policy to seperate the difference between one client and
another.
At the moment all the user has to do is change the SSID from one to another
and can log on because the IAS policy for both SSID's can only confirm that
the user is in a policy which has wireless access.
I need the IAS server/Policy to say when someone logons onto SSID A, hang
on, your policy is for SSID B not SSID A you cant logon.
Tim
"Mark Gamache" <mark.gamache@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eF9AuxOfFHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
> so you want different authentication mechanisms depending on the SSID?
>
> To do this, you must create remote access policies that are a bit more
> complex. If you are saying that you want different SSIDs to use different
> IAS servers, then you need to use connection request policies in IAS.
> This allows IAS to act as a RADIUS proxy. It can make decisions as to
> which IAS server will process the connection request.
>
> I could help more if you gave more details on what you are trying to
> achieve exactly. Will different SSIDs be authenticated by different
> organizations?
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "News Users" <tim@xxxxxxxxxxxxxxxx> wrote in message
> news:u1djeeKfFHA.3848@xxxxxxxxxxxxxxxxxxxxxxx
>>I have read this:
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=C9ED3609-49FC-439B-92F4-266B187CAE5A&displaylang=en
>>
>> "Deploying Windows Server 2003 Internet Authentication Service (IAS) with
>> Virtual Local Area Networks (VLANs)"
>>
>> But that is assuming that the IAS can tell the AP what Vlan the client
>> should be in.
>>
>> The intermec APs as far as I can see can only LOCK a SSID into one Vlan.
>>
>> The need the IAS server to disagree that a client can not use that Vlan /
>> SSID but can use the other Vlan / SSID that is on the other virual AP
>>
>> "News Users" <tim@xxxxxxxxxxxxxxxx> wrote in message
>> news:%23ZfXdeIfFHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
>>>I have some Intermec Access points that allow you to run up to 4 SSID's
>>>with Vlan tagging per SSID on the same radio channel.
>>>
>>> The AP's can authenticate the wireless clients via an IAS server (PEAP)
>>>
>>> The problem I have is that the AP still uses the same IAS server and
>>> policy regardless of SSID. I need to be able to configure a variable in
>>> the IAS policy that says a user can or cant access a certain SSID.
>>>
>>> At the moment, if a user on SSID A wanted to logon to SSID B they just
>>> need to change the properties on the client and the AP/IAS will let them
>>> in.
>>>
>>> Anyone had to do this before, or can think of a policy setting that
>>> could split APs?
>>>
>>> Cheers
>>>
>>> Tim
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
.
- References:
- Same IAS, Same AP, different laptop solution
- From: News Users
- Re: Same IAS, Same AP, different laptop solution
- From: News Users
- Re: Same IAS, Same AP, different laptop solution
- From: Mark Gamache
- Same IAS, Same AP, different laptop solution
- Prev by Date: Re: Same IAS, Same AP, different laptop solution
- Next by Date: Create a client to connect to Radius Server
- Previous by thread: Re: Same IAS, Same AP, different laptop solution
- Next by thread: Re: Same IAS, Same AP, different laptop solution
- Index(es):
Relevant Pages
|
