Aaron at cisco
May 18, 2005, 9:04 AM
Post #2 of 2
(1263 views)
Permalink
|
|
Re: Per-user authorization and Wifi ? Not Possible ?
[In reply to]
|
|
Hi again Marina,
Continuing on our basic theme here ... the access point being
a layer 2 device, per-user attributes are supported; however,
those have to be attributes that are applicable to layer 1/2 not
layer 3 attributes.
For example, you can assign VLAN ID on a per user basis.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_and_configuration_guide_chapter09186a0080101c43.html#1038739
Regards,
Aaron
---
>Hello,
>
>I have a general question about AAA Wifi and Cisco
>
>In theory, it is possible for a NAS to honore and send a lot of RADIUS
>and VSA attributes, to permit precise per-user authorization tunning
>(for exemple per-user ACL, with Filter-Id or VSA...). But in the case
>where the NAS is an Access-Point, is it possible to manage authorization
>like this too ?
>
>I'm working on a Cisco Aironet 1200, and in the doc they said that it's
>possible to use per-user authorization for Administrative users of the
>access-point, but they say nothing about normal users (ie: Wifi users),
>and the listed supported Radius attributes are not including the ones
>needed to do that.
>
>Is there AAA limitations about Wifi ?
>Is it impossible to use the RADIUS authorization features in Wireless
>domain (maybe the problem is that an AP is more a 2-layer equipement) ?
>Maybe some Access-Point can do that and some others can't ?
>
>Thanks in advance
>
>
>
|
