Using RADIUS Attributes to Apply Group Policies
RADIUS attributes used with Group policies can apply custom network policies to wireless users. This can be accomplished using a RADIUS attribute, where the attribute contains the name of a group policy configured in Dashboard.
Requirements
This configuration assumes that an SSID has already been configured to perform WPA2-Enterprise authentication with RADIUS, and that one or more group policies have been created in Dashboard.
Group Policies for user groups can only be configured on an SSID that uses a local (customer-premise) RADIUS server for authentication at association time.
Additionally, the RADIUS server must be configured to send an attribute along with its accept message, containing the name of a group policy configured in Dashboard (as a String). Commonly, the Filter-Id attribute will be used for this purpose. The screenshot below shows a network policy in Windows NPS, configured to pass the name of a Dashboard group policy ("LANAccess") within the Filter-Id attribute:
RADIUS Attribute Details
The following RADIUS attributes can be used to specify a group policy:
Dashboard Configuration
Once the above requirements have been met, the following configuration steps will associate the Dashboard group policy with the configured RADIUS attribute:
- Navigate to Wireless > Configure > Access control and select the appropriate SSID.
- Under RADIUS attribute specifying group policy name, select the attribute configured earlier. In the screenshot below, the attribute used is Filter-Id: