Home > Wireless LAN > Group Policies and Blacklisting > Using RADIUS Attributes to Apply Group Policies

Using RADIUS Attributes to Apply Group Policies

RADIUS attributes used with Group policies can apply custom network policies to wireless users. This can be accomplished using a RADIUS attribute, where the attribute contains the name of a group policy configured in Dashboard.

Requirements

This configuration assumes that an SSID has already been configured to perform WPA2-Enterprise authentication with RADIUS, and that one or more group policies have been created in Dashboard.

Group Policies for user groups can only be configured on an SSID that uses a local (customer-premise) RADIUS server for authentication at association time. 

 

Additionally, the RADIUS server must be configured to send an attribute along with its accept message, containing the name of a group policy configured in Dashboard (as a String). Commonly, the Filter-Id attribute will be used for this purpose. The screenshot below shows a network policy in Windows NPS, configured to pass the name of a Dashboard group policy ("LANAccess") within the Filter-Id attribute:

RADIUS Attribute Details

The following RADIUS attributes can be used to specify a group policy:

Dashboard Configuration

Once the above requirements have been met, the following configuration steps will associate the Dashboard group policy with the configured RADIUS attribute:

  1. Navigate to Wireless > Configure > Access control and select the appropriate SSID. 
  2. Under RADIUS attribute specifying group policy name, select the attribute configured earlier. In the screenshot below, the attribute used is Filter-Id:

You must to post a comment.
Last modified
11:51, 22 Jan 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 1842

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case