Powered by
Jitbit AspNetForum
free trial version.
home
recent topics
recent posts
search
faq
TekRADIUS
:: Forum
remember me
register
|
lost password
|
Home
»
General
»
Groups and banning groups from an AP/SSID
27.01.2010 02:46:16
DrSpanky
Posts:
2
Howdy
I've set up Tekradius for mac based authentication and im looking for a way to block certain groups form certain SSIDs
for example
i have 2 group, one "staff" one "students"
and 2 laptops laptop1 is a staff laptop and laptop2 is a student laptop (both laptop names are the mac addresses that part works) and each laptop is in the correct group
i have that access point setup to broadcast 2 SSID's both on different VLANs
xx-xx-xx-xx-xx-xx:Staff
xx-xx-xx-xx-xx-xx:Student
is there a way to ban the student group from xx-xx-xx-xx-xx-xx:Staff
any help would be much appreciated
•
permalink
• reply with quote
27.01.2010 11:54:30
admin
Administrator
Posts:
881
Hi,
As far as I understandt your AP device sends SSID information as a part of Calling-Station-Id value in access requests.
Unfortunately TekRADIUS can not process a part of incoming RADIUS attribute. If your AP can send SSID information in a attribute as
an individual value, you can create a group and add TekRADIUS-Status attribute as check attribute with value "Disabled" along with the attribute which denotes
individually SSID.
Best regards,
Yasin KAPLAN
•
permalink
• reply with quote
27.01.2010 20:18:20
DrSpanky
Posts:
2
admin
wrote:
Hi,
As far as I understandt your AP device sends SSID information as a part of Calling-Station-Id value in access requests.
Unfortunately TekRADIUS can not process a part of incoming RADIUS attribute. If your AP can send SSID information in a attribute as
an individual value, you can create a group and add TekRADIUS-Status attribute as check attribute with value "Disabled" along with the attribute which denotes
individually SSID.
Best regards,
Yasin KAPLAN
The calling station id comes up as the laptops mac address only like this xx-xx-xx-xx-xx-xx
the called station Id comes up as APs Mac then the ssid like this xx-xx-xx-xx-xx-xx:Staff
so it wouldnt need to process part of that attribute, could it deal with the field as a whole?
like if user name is in staff group and called station id is equal to xx-xx-xx-xx-xx-xx:Staff allow access else deny access
•
permalink
• reply with quote
Home
»
General
»
Groups and banning groups from an AP/SSID
Powered by AspNetForum
6.5.7.0
© 2006-2010 Jitbit Software