A quick guide on how to set up RADIUS for multiple SSIDs using multiple network policies and Active Directory groups. This has been done on an Aerohive AP.
Our new wireless system is as follows:
Both the Guest and Staff SSIDs use a captive portal. Ideally, we wanted only members of the Active Directory group "Staff" to be able to access the StaffSSID.
The guest SSID uses open authentication and is only accessible to users in the Guest group (currently 1 account).
This is quite easy to achieve using RADIUS on Windows 2008.
1.) Install Network Policy & Access Services and register the service with the AD server.
2.) Set up all your SSIDs on your Aerohive device and point it to an external RADIUS server. Make sure you use the correct shared secret.
3.) Now connect to one of the SSIDs and try logging in to the captive portal with an AD username (repeat this on each SSID).
4.) Browse to the Event Viewer on the server, open the logs for Network Policy & Access Services and look at the failed logon attempt.
You should see a line like the following for each SSID:
<pre class="brush:bash">" Called Station Identifier: 20-18-B1-AG-50-6B:GuestAccess"</pre>
5.) The above is the station identifier for the GuestAccess SSID. This will allow us to assign a policy to this specific ID.
6.) Create a new network policy. Under Conditions you should have the following enabled:
"User groups DOMAIN\GUESTS"
"Called STATION ID 20-18-B1-AG-50-6B:GuestAccess"
7.) With the above conditions enabled, anyone on the GuestAccess SSID who uses an account from the Guests group will be able to log in and browse the web.
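
To avoid reading the identifier out of Event Viewer by hand for each SSID (steps 3 to 5), the following added example, which is not part of the original guide, pulls the "Called Station Identifier" value out of NPS event text and lists one entry per SSID. The function name and the sample event text are constructed for illustration; the commented `Get-WinEvent` line assumes the failed logons are recorded as event ID 6273 (NPS denied access) in the Security log. The `Pattern` column relies on the Called Station ID condition accepting pattern-matching syntax, so a policy can match the SSID part regardless of which AP's MAC address precedes it.

```powershell
# Added example. Get-CalledStationSsid is a hypothetical helper name.
function Get-CalledStationSsid {
    param([Parameter(Mandatory = $true)][string[]]$Message)

    foreach ($m in $Message) {
        # NPS event text contains "Called Station Identifier:<whitespace><AP MAC>:<SSID>".
        # The MAC part is matched loosely (anything up to the first colon).
        if ($m -match '(?m)^\s*Called Station Identifier:\s*(?<mac>[^:\s]+):(?<ssid>[^\r\n]+?)\s*$') {
            New-Object PSObject -Property @{
                ApMac   = $Matches['mac']
                Ssid    = $Matches['ssid']
                # Value for the policy's Called Station ID condition that matches
                # this SSID on any AP, not only the one that logged the event.
                Pattern = '.*:' + [regex]::Escape($Matches['ssid']) + '$'
            }
        }
    }
}

# Constructed sample event text (not captured from a real server).
# The first identifier is the one shown in the guide; the second MAC is a placeholder.
$sample = @(
    "Network Policy Server denied access to a user.`r`n`tCalled Station Identifier:`t`t20-18-B1-AG-50-6B:GuestAccess`r`n`tCalling Station Identifier:`t-`r`n",
    "Network Policy Server denied access to a user.`r`n`tCalled Station Identifier:`t`tAA-BB-CC-DD-EE-FF:StaffSSID`r`n`tCalling Station Identifier:`t-`r`n",
    "Network Policy Server denied access to a user.`r`n`tCalled Station Identifier:`t`t20-18-B1-AG-50-6B:GuestAccess`r`n"
)

Get-CalledStationSsid -Message $sample |
    Sort-Object Ssid -Unique |
    Format-Table Ssid, ApMac, Pattern -AutoSize

# On the NPS server, feed it the real denied-access events instead:
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273 }
# Get-CalledStationSsid -Message ($events | ForEach-Object { $_.Message }) |
#     Sort-Object Ssid -Unique | Format-Table Ssid, ApMac, Pattern -AutoSize
```

If an SSID is expected but missing from the output, no denied logon has been recorded for it yet, so repeat step 3 on that SSID.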