Configuring Identity Networking; Identity Networking Overview - Cisco 2100 Series Configuration Manual

Wireless lan controller

Cisco Wireless LAN Controller Configuration Guide, OL-17037-01
Chapter 5: Configuring Security Solutions, page 5-74

• IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
• Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

Step 3  Click Apply to commit your changes.
Step 4  Click Save Configuration to save your changes.

Configuring Identity Networking

These sections explain the identity networking feature, how it is configured, and the expected behavior for various security policies:

• Identity Networking Overview
• RADIUS Attributes Used in Identity Networking
• Configuring AAA Override

Identity Networking Overview

In most wireless LAN systems, each WLAN has a static policy that applies to all clients associated with an SSID. Although powerful, this method has limitations since it requires clients to associate with different SSIDs to inherit different QoS and security policies.

However, the Cisco Wireless LAN Solution supports identity networking, which allows the network to advertise a single SSID but allows specific users to inherit different QoS or security policies based on their user profiles. The specific policies that you can control using identity networking include:

• Quality of Service. When present in a RADIUS Access Accept, the QoS-Level value overrides the QoS value specified in the WLAN profile.
• ACL. When the ACL attribute is present in the RADIUS Access Accept, the system applies the ACL-Name to the client station after it authenticates. This overrides any ACLs that are assigned to the interface.
• VLAN. When a VLAN Interface-Name or VLAN-Tag is present in a RADIUS Access Accept, the system places the client on a specific interface.

  Note: The VLAN feature only supports MAC filtering, 802.1X, and WPA. The VLAN feature does not support web authentication or IPSec.

• Tunnel Attributes.

  Note: When any of the other RADIUS attributes (QoS-Level, ACL-Name, Interface-Name, or VLAN-Tag), which are described later in this section, are returned, the Tunnel Attributes must also be returned.

The operating system's local MAC filter database has been extended to include the interface name, allowing local MAC filters to specify to which interface the client should be assigned. A separate RADIUS server can also be used, but the RADIUS server must be defined using the Security menus.
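
The following is an added example, not taken from the Cisco guide: it audits the attributes of a RADIUS Access Accept against the override rules and the two notes above, and reports the policy the overrides would yield. It assumes that "Tunnel Attributes" means the RFC 2868 attributes Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID; the WLAN dictionary layout, the security labels and all sample values are constructed for illustration.

```python
# Added example: audit one RADIUS Access Accept profile for AAA override.
OVERRIDE_ATTRS = ("QoS-Level", "ACL-Name", "Interface-Name", "VLAN-Tag")
VLAN_ATTRS = ("Interface-Name", "VLAN-Tag")
# Assumption: the "Tunnel Attributes" are the RFC 2868 attributes below.
TUNNEL_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-ID")
# Security types the VLAN feature supports, per the note (labels are hypothetical).
VLAN_SUPPORTED = {"mac-filtering", "802.1x", "wpa"}


def audit_access_accept(attrs, wlan):
    """Return (effective_policy, findings) for one client.

    attrs: attributes returned in the Access Accept (name -> value).
    wlan:  hypothetical dict of static settings with the keys
           qos, interface_acl, interface and security (a set of labels).
    """
    findings = []
    overrides = [a for a in OVERRIDE_ATTRS if a in attrs]
    missing = [t for t in TUNNEL_ATTRS if t not in attrs]
    if overrides and missing:
        # Override attributes must be accompanied by the Tunnel Attributes.
        findings.append(f"{', '.join(overrides)} returned without {', '.join(missing)}")
    vlan = [a for a in VLAN_ATTRS if a in attrs]
    unsupported = sorted(wlan["security"] - VLAN_SUPPORTED)
    if vlan and unsupported:
        # VLAN override is not supported with web authentication or IPSec.
        findings.append(f"{', '.join(vlan)} returned on a WLAN using {', '.join(unsupported)}")
    effective = {
        "qos": attrs.get("QoS-Level", wlan["qos"]),        # overrides WLAN profile QoS
        "acl": attrs.get("ACL-Name", wlan["interface_acl"]),  # overrides interface ACL
        "interface": attrs.get("Interface-Name", wlan["interface"]),
        "vlan_tag": attrs.get("VLAN-Tag"),
    }
    return effective, findings


# Constructed sample data, not taken from any real deployment.
WLAN = {"qos": "Silver", "interface_acl": "default-acl",
        "interface": "management", "security": {"802.1x", "wpa"}}
GOOD = {"QoS-Level": "Gold", "ACL-Name": "staff-acl", "Interface-Name": "staff",
        "Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "802",
        "Tunnel-Private-Group-ID": "20"}
BAD = {"ACL-Name": "guest-acl", "VLAN-Tag": "30"}  # no Tunnel Attributes

if __name__ == "__main__":
    for name, attrs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *audit_access_accept(attrs, WLAN))
```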


This manual is also suitable for:

4400 series
