[cisco-nas] Accounting problem with Cisco Aironet 1200
Aaron Leonard
Aaron at cisco.com
Thu May 19 12:33:52 EDT 2005
Mathieu Benard wrote:
>Aaron Leonard wrote :
>
>
>
>>Meantime, the best practice would be to assign different classes
>>of users to different VLANs (as mentioned in my last posting).
>>
>>
>
>Thanks for your answer Aaron.
>
>Correct me if I'm wrong but what you say implies: if I need to define
>per-user authorizations (and not only authorizations for classes of
>users), then I would have to configure some VLANs for single users ?
>
Correct - and you would quickly run into our APs' 16-VLAN limitation.
>In
>this case, would not a VPN-based solution be simpler than Radius ?
>
>
>
Using an IPsec-based VPN over WLAN, rather than WLAN-based security,
does have its attractions. It would allow you to customize your security
policy on a per-user basis, and would spare you having to worry about
the myriad of EAP flavors.
Regards,
Aaron
More information about the cisco-nas
mailing list