Powered by Jitbit AspNetForum free trial version.
home recent topics recent posts search faq  

TekRADIUS :: Forum


register | lost password |
Messages in this topic - RSS

Home » General » Groups and banning groups from an AP/SSID


27.01.2010 02:46:16

DrSpanky
DrSpanky
Posts: 2
Howdy

I've set up Tekradius for mac based authentication and im looking for a way to block certain groups form certain SSIDs

for example
i have 2 group, one "staff" one "students"
and 2 laptops laptop1 is a staff laptop and laptop2 is a student laptop (both laptop names are the mac addresses that part works) and each laptop is in the correct group

i have that access point setup to broadcast 2 SSID's both on different VLANs
xx-xx-xx-xx-xx-xx:Staff
xx-xx-xx-xx-xx-xx:Student

is there a way to ban the student group from xx-xx-xx-xx-xx-xx:Staff


any help would be much appreciated
permalink • reply with quote
27.01.2010 11:54:30

admin
admin
Administrator
Posts: 881
Hi,

As far as I understandt your AP device sends SSID information as a part of Calling-Station-Id value in access requests.
Unfortunately TekRADIUS can not process a part of incoming RADIUS attribute. If your AP can send SSID information in a attribute as
an individual value, you can create a group and add TekRADIUS-Status attribute as check attribute with value "Disabled" along with the attribute which denotes
individually SSID.

Best regards,

Yasin KAPLAN
permalink • reply with quote
27.01.2010 20:18:20

DrSpanky
DrSpanky
Posts: 2
admin wrote:
Hi,

As far as I understandt your AP device sends SSID information as a part of Calling-Station-Id value in access requests.
Unfortunately TekRADIUS can not process a part of incoming RADIUS attribute. If your AP can send SSID information in a attribute as
an individual value, you can create a group and add TekRADIUS-Status attribute as check attribute with value "Disabled" along with the attribute which denotes
individually SSID.

Best regards,

Yasin KAPLAN


The calling station id comes up as the laptops mac address only like this xx-xx-xx-xx-xx-xx
the called station Id comes up as APs Mac then the ssid like this xx-xx-xx-xx-xx-xx:Staff

so it wouldnt need to process part of that attribute, could it deal with the field as a whole?

like if user name is in staff group and called station id is equal to xx-xx-xx-xx-xx-xx:Staff allow access else deny access
permalink • reply with quote

Home » General » Groups and banning groups from an AP/SSID






Powered by AspNetForum 6.5.7.0 © 2006-2010 Jitbit Software