Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WiFi over Radius Servber with diferfent SSID's

Swagelok_Leipz
New here
‎May 29 2019 3:42 AM
‎May 29 2019 3:42 AM

WiFi over Radius Servber with diferfent SSID's

Hello,

 

we are trying to Setup WiFi that only works for the boss.

Our issue is that we are not able to block all other users of our radius to his specific SSID.

We don`t want to connect his MAC-addresses to the SSID rules as the solution to this issue.

Our Goal is to get him the Chance to be able to log in with any device he owns, using his Domain log on.

 

Plz Help 🙂

0 Kudos
Subscribe
3 Replies 3
HodyCrouch
Building a reputation
‎May 29 2019 5:14 AM
‎May 29 2019 5:14 AM

The better approach is to have your RADIUS server correctly authenticate users based on the SSID.  The SSID is sent to the RADIUS server as the Called-Station-ID.

 

If you can't get your RADIUS server to support this use case, here's an alternate approach.  I will admit that this approach is a bit clunky, but you're only trying to make this work for one person.

 

1. Set the BOSS ssid to use a Splash page and use Meraki authentication.  I would also set the captive portal strength to block all access.

 

2. Create a group policy and set it to bypass the splash page.

 

3. Assign the new group policy to each device belonging to the boss.  I suggest using the per-SSID group policy assignment so that you only assign this policy on the special SSID.

 

Other devices will be able to connect to the BOSS ssid, but they will only get the splash page and they won't have a Meraki user to login.

 

That should be enough to make this work.  I guess some people need to be more equal than others.

Subscribe
In response to HodyCrouch
kYutobi
Kind of a big deal
‎May 29 2019 5:40 AM
‎May 29 2019 5:40 AM

@HodyCrouch make a good point even though clunky it doesn't seem more simple than having to configure another RADIUS for Boss.

Enthusiast
Subscribe
In response to HodyCrouch
jdsilva
Kind of a big deal
‎May 29 2019 7:14 AM
‎May 29 2019 7:14 AM

@HodyCrouch wrote:

The better approach is to have your RADIUS server correctly authenticate users based on the SSID.  The SSID is sent to the RADIUS server as the Called-Station-ID.

 

 

This ^^

 

You should be able to do this with any self-respecting RADIUS server. Which one are you using?

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.