Pulvinar tempor cras amet ac turpis tristique tristique ... (read more)close
Pulvinar tempor cras amet ac turpis tristique tristique ... (read more)close

LukeTaylor.org Blog

Making I.T that little bit easier !

Radius Setup - Multiple Network Policies Different SSID's AeroHive

by in Windows Blog
  • Font size: Larger Smaller
  • Hits: 7742
  • 0 Comments
  • Subscribe to this entry
  • Print
7742

b2ap3_thumbnail_aerohive_logo.jpg 

 

A Quick Guide on how to Setup Radius for Multiple SSID's Using multiple network policy and active directory groups . This has been done on a AeroHive AP .

Our new wireless system is as Follows

GuestSSID

StafSSID

AdminSSID

 

 

Both the Guest and Staff SSID are using captive portal . We ideally wanted only members of the Active Directory Group "Staff" to be able to access the StaffSSID .


The guest SSID is open authentication is only accessible for Users in the Guest Group SSID ( currently 1 account )


This is achievable quite easy using Radius for Windows 2008 .

 

1.) Install Network Policy & Access  Services , register the services with the AD server .


2.) Setup All your SSID's on your aerohive device , point it to an external Radius server , make sure you use the correct Shared Secret


3.) Now connect to one of the SSID's , and try loging in to the Captive Portal with a AD username ( repeat this on each SSID ).

4.) Browse to the event viewer on the server , look at the logs for Network Poilicy & access and look at the failed logon attempt .
 You should see a line like the following for each SSID


 <pre class="brush:bash">" Called Station Identifier:        20-18-B1-AG-50-6B:GuestAccess"</pre>

5.) The above is the station identifier for the GuestAccess SSID , this will allow us to assign a Policy to this specific ID .


6.) Create a new Network Policy , Under Conditions you should have enabled

"User groups DOMAIN\GUESTS"

"Called STATION ID 20-18-B1-AG-50-6B:GuestAccess"

7.) The above enabled will allow any one on the GuestAccess SSID and using an account from the Guests Group access to login and browse the web .

 

Rate this blog entry:
0

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Friday, 15 November 2019