Hi,
I have a customer using Cisco WLC5508 and Cisco ACS 5.4. They have a corporate SSID configured on the WLC which authenticates through the ACS Server using Certificate Based Authentication with AD.
They now have a requirement to have an additional SSID created for users to connect their mobile phones (IOS/Android) and users should be prompted for a username and password, once they enter their domain user credentials they should be allowed access to the internet. For this SSID, a separate Layer 2 VLAN has been created which is allowed internet access only.
I am trying to follow a past post but it is kind of old and does not use AD authentication:
https://supportforums.cisco.com/t5/wireless-mobility-documents/how-to-configure-wireless-lan-controller-wlc-authentication-for/ta-p/3120657
I tried to create an additional Selection Profile on the ACS but it was causing the Corporate SSID to stop working (certificate based authentication)
I will need some help as how to match the following:
1. Radius attribute to match the new SSID
2. Authenticate the users through Active Dirctory
3. Once authenticated, the user should be placed in the new Layer 2 VLAN
Any support or reference will be highly appreciated as I will be visiting the customer again on Monday.
Thank you,
Kind regards.