Restrict ssids by using a radius server – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

285

Configuring Multiple SSIDs

Chapter 8

For example, this sample output from a show configuration privileged EXEC
command does not show spaces in SSIDs:

ssid buffalo

vlan 77

authentication open

ssid buffalo

vlan 17

authentication open

ssid buffalo

vlan 7

authentication open

However, this sample output from a show dot11 associations privileged EXEC
command shows the spaces in the SSIDs:

SSID [buffalo] :

SSID [buffalo ] :

SSID [buffalo ] :

Restrict SSIDs by Using a
RADIUS Server

To prevent client devices from associating to the access point by using an
unauthorized SSID, you can create a list of authorized SSIDs that clients must use
on your RADIUS authentication server.

The SSID authorization process consists of these steps:

1. A client device associates to the access point by using any SSID configured

on the access point.

2. The client begins RADIUS authentication.
3. The RADIUS server returns a list of SSIDs that the client is allowed to

use. The access point checks the list for a match of the SSID used by the
client. There are three possible outcomes:
a. If the SSID that the client used to associate to the access point matches

an entry in the allowed list returned by the RADIUS server, the client is
allowed network access after completing all authentication
requirements.

IMPORTANT

This command shows only the first 15 characters of the SSID. Use the

show

dot11 associations client

command to see SSIDs having

more than 15 characters.