Tuesday, January 10, 2012

Specify different network policies for different SSIDs on a single Cisco AP

From looking at the NPS log file (to find it, go to Server Manager > Roles > Network Policy and Access Services > NPS > Accounting) I was able to see that when I connect to different SSIDs on a single Cisco access point (multiple SSIDs, each mapped to its own VLAN), the log records the MAC address of the virtual AP (the BSSID) I connected to. I tried to find this MAC address on the Cisco AP itself but couldn't, so I connected to each SSID in turn and read the address out of the log.

For example:
"VMDC01","IAS",01/10/2012,10:00:41,1,"seegrid\bfisk","SEEGRID\bfisk","0023.050c.e751","0811.9688.ffb0",,,"pghap2","192.168.10.25",51105,9,"192.168.10.25","pghap02",,,19,,,1,11,"SGA Wireless",0,"311 1 192.168.10.4 01/10/2012 13:30:09 192",,,,"Microsoft: Secured password (EAP-MSCHAP v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"SGA",1,,,,

The field right after my username ("seegrid\bfisk","SEEGRID\bfisk") is the Called-Station-ID, 0023.050c.e751, which is the MAC of the virtual AP; the field after that, the Calling-Station-ID, 0811.9688.ffb0, is the MAC of my client computer connecting to the wifi. Looking at the logs for both SSIDs, I found that the virtual AP for one SSID ended in e751 and the other in e750.

I then created two network policies, one for each SSID/VLAN, and used the Called Station ID condition, which NPS evaluates as a regular expression: e751$ for the one SSID and e750$ for the other (the trailing $ anchors the pattern to the end of the MAC, so it cannot match some other part of the string). Added the different domain group conditions to each, and presto, working like a champ.

One caveat: the Called Station ID is whatever the AP puts in its RADIUS request, so this condition only tells SSIDs apart on APs that NPS already trusts as RADIUS clients (shared secret). It complements the domain group conditions; it is not a substitute for them.

The downside to this is that if you have multiple APs you will need to do the same for each AP to get all of their virtual AP MAC addresses, since every AP has its own BSSIDs. I couldn't find the VAP MAC using show int. (On an autonomous IOS AP, show dot11 bssid lists the BSSID assigned to each SSID, which is the value the AP sends as the Called Station ID.)
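As an added example (not code from the original post), here is a small Python script that pulls the Called-Station-ID and Calling-Station-ID out of IAS-format NPS log lines like the one above, lists the virtual AP MACs seen in a log, and then evaluates NPS-style Called Station ID conditions the way the network policies do (first policy in processing order whose conditions all match wins). The first log line is the one from the post; the second is a constructed record for a user on the e750 virtual AP; the policy names and domain group names are hypothetical.

```python
import csv
import io
import re

# Leading fields of the NPS "IAS format" log record, in the order they appear.
# Only the fields needed here are named; real records carry many more after these.
IAS_FIELDS = [
    "computer_name", "service_name", "record_date", "record_time",
    "packet_type", "user_name", "fqdn", "called_station_id", "calling_station_id",
]

# Two Access-Request records.  The first is the line from the post; the second is a
# constructed record for a (hypothetical) guest user on the other virtual AP (BSSID
# ending in e750).
SAMPLE_LOG = r'''"VMDC01","IAS",01/10/2012,10:00:41,1,"seegrid\bfisk","SEEGRID\bfisk","0023.050c.e751","0811.9688.ffb0",,,"pghap2","192.168.10.25",51105,9,"192.168.10.25","pghap02",,,19,,,1,11,"SGA Wireless",0,"311 1 192.168.10.4 01/10/2012 13:30:09 192",,,,"Microsoft: Secured password (EAP-MSCHAP v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"SGA",1,,,,
"VMDC01","IAS",01/10/2012,10:02:13,1,"seegrid\guest1","SEEGRID\guest1","0023.050c.e750","0811.9688.aa01",,,"pghap2","192.168.10.25",51106,9,"192.168.10.25","pghap02",,,19,,,1,11,"SGA Wireless",0,"311 1 192.168.10.4 01/10/2012 13:31:44 193",,,,"Microsoft: Secured password (EAP-MSCHAP v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"SGA",1,,,,'''


def parse_ias_line(line):
    """Split one IAS-format record (CSV with double-quoted strings) into the named leading fields."""
    row = next(csv.reader(io.StringIO(line)))
    return dict(zip(IAS_FIELDS, row))


def collect_called_station_ids(log_text):
    """Return the distinct Called-Station-IDs (virtual AP MACs) seen in a log, sorted.

    This is the "connect to each SSID and read the BSSID back out of the log" step,
    done over the whole file instead of by eye.
    """
    ids = {parse_ias_line(line)["called_station_id"]
           for line in log_text.splitlines() if line.strip()}
    return sorted(ids)


# Network policies in NPS processing order.  The Called Station ID condition is a
# regular expression; the trailing "$" anchors it to the end of the BSSID so it
# cannot match some other part of the string.  Policy and group names are hypothetical.
POLICIES = [
    {"name": "Wireless - Staff VLAN", "called_station_id": r"e751$", "group": "WiFi-Staff"},
    {"name": "Wireless - Guest VLAN", "called_station_id": r"e750$", "group": "WiFi-Guest"},
]


def match_policy(record, user_groups, policies=POLICIES):
    """Return the name of the first policy whose conditions all match, or None.

    Mirrors NPS evaluation: policies are tried in order and the first one whose
    every condition (Called Station ID regex AND group membership) is satisfied
    wins; later policies are not considered.
    """
    for policy in policies:
        if (re.search(policy["called_station_id"], record["called_station_id"])
                and policy["group"] in user_groups):
            return policy["name"]
    return None


if __name__ == "__main__":
    print("virtual APs seen:", collect_called_station_ids(SAMPLE_LOG))
    for line in SAMPLE_LOG.splitlines():
        rec = parse_ias_line(line)
        # Group membership would come from AD; assigned by hand here for the two sample users.
        groups = {"WiFi-Staff"} if rec["user_name"].endswith("bfisk") else {"WiFi-Guest"}
        print(rec["user_name"], rec["called_station_id"], "->", match_policy(rec, groups))
```

Run it directly to print the virtual APs found in the log and the policy each record lands in. Because the condition is a regular expression searched anywhere in the string, an unanchored pattern such as e75 matches both BSSIDs, and the first policy in processing order would then win for every SSID; calling match_policy with such a pattern shows that, which is why the $ matters.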

1 comment:

Fredrik W said...

Try *:[SSID] in Station ID.

With this you don't have to get all the MAC addresses if you have multiple APs.