Best way to cope with multiple SSIDs and MAC auth

Franks Andy (RLZ) IT Systems Engineer Andy.Franks at
Tue Aug 21 22:45:20 CEST 2012

Hi again,
  Thanks for everyone's input on the last question I asked today.
I have another : we are running cisco 1100/1200 series Aps with multiple
SSIDs. Depending on ldap groups users are assigned a VLAN which
corresponds to the internal or DMZ based network. The issue is that if a
user is in both groups, I either have to assign a "most important" one
or do something else. With some devices I'd like the opportunity to join
either vlan.
Because I am not aware that the cisco IOS can send an "SSID" attribute
to the radius server (if someone knows how to do this PLEASE tell me!),
I need to either send the authentication request to another radius
server and proxy from there so that all the traffic appears from one ip
address, or choose a different port and create a separate virtual server
that listens on that port and contains perhaps a different files
section, perhaps users_ssid or something that has separate rules.
Anybody got any bright ideas or opinions which would be best?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list