Aaron at cisco
May 18, 2005, 9:04 AM
Post #2 of 2
Hi again Marina,
Re: Per-user authorization and Wifi ? Not Possible ?
[In reply to]
Continuing on our basic theme here ... the access point being
a layer 2 device, per-user attributes are supported; however,
those have to be attributes that are applicable to layer 1/2 not
layer 3 attributes.
For example, you can assign VLAN ID on a per user basis.
>I have a general question about AAA Wifi and Cisco
>In theory, it is possible for a NAS to honore and send a lot of RADIUS
>and VSA attributes, to permit precise per-user authorization tunning
>(for exemple per-user ACL, with Filter-Id or VSA...). But in the case
>where the NAS is an Access-Point, is it possible to manage authorization
>like this too ?
>I'm working on a Cisco Aironet 1200, and in the doc they said that it's
>possible to use per-user authorization for Administrative users of the
>access-point, but they say nothing about normal users (ie: Wifi users),
>and the listed supported Radius attributes are not including the ones
>needed to do that.
>Is there AAA limitations about Wifi ?
>Is it impossible to use the RADIUS authorization features in Wireless
>domain (maybe the problem is that an AP is more a 2-layer equipement) ?
>Maybe some Access-Point can do that and some others can't ?
>Thanks in advance