[cisco-nas] Per-user authorization and Wifi ? Not Possible ?

Aaron Leonard Aaron at cisco.com
Wed May 18 12:04:37 EDT 2005


Hi again Marina,

Continuing on our basic theme here ... the access point being
a layer 2 device, per-user attributes are supported; however,
those have to be attributes that are applicable to layer 1/2 not
layer 3 attributes.

For example, you can assign VLAN ID on a per user basis.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_and_configuration_guide_chapter09186a0080101c43.html#1038739

Regards,

Aaron

---


>Hello,
>
>I have a general question about AAA Wifi and Cisco
>
>In theory, it is possible for a NAS to honore and send a lot of RADIUS 
>and VSA attributes, to permit precise per-user authorization tunning 
>(for exemple per-user ACL, with Filter-Id or VSA...). But in the case 
>where the NAS is an Access-Point, is it possible to manage authorization 
>like this too ?
>
>I'm working on a Cisco Aironet 1200, and in the doc they said that it's 
>possible to use per-user authorization for Administrative users of the 
>access-point, but they say nothing about normal users (ie: Wifi users), 
>and the listed supported Radius attributes are not including the ones 
>needed to do that.
>
>Is there AAA limitations about Wifi ?
>Is it impossible to use the RADIUS authorization features in Wireless 
>domain (maybe the problem is that an AP is more a 2-layer equipement) ?
>Maybe some Access-Point can do that and some others can't ?
>
>Thanks in advance
>
>  
>



More information about the cisco-nas mailing list