Creating an Corp network SSID and a BYOD network.

New here

Creating an Corp network SSID and a BYOD network.


I guess background first.  Just setup 5 MR52s an MR33 running 2 networks.  One for internal and one for internet only.  I am authenticating against RADIUS on MS server 2012.  


I have created a Corp SSID and a BYOD SSID.  I have them both working as desired using RADIUS Auth.  I created two policies in NPS one for corp and one for BYOD.  I have the corp restricted to wireless PCs that are in the SecuredWirelessAccess group and Users that are in Domain users.  This works when I don't have my BYOD policy on.   I have them ordered Corp then BYOD.  


If I disable BYOD and attempt to logon from a Mac that is not a domain computer it denies me.  If I then enable the BYOD policy it allows me on the Corp network.  My windows group BYOD points to the BYOD SSID, not the corporate.  And the same for the Corp group.  I am using MS PEAP with a server certificate and when I disable that on the BYOD Policy it does not let me connect to either network. 


I know this is as much of an NPS issue as Meraki but figured it couldn't hurt to ask as I am sure someone has had something similar.


Thanks in advance for any tips!



1 Reply 1
Kind of a big deal
Kind of a big deal

I haven't done this for quite a while.  You need to add an extra match in NPS to match the SSID.  I think you need to match on "Called-Station-ID".  Basically look in the event viewer to see what is being sent to you as well in the RADIUS request and add something for that.


This article same some related info.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.