NPS and SSIDs

Robert 61 Reputation points
2020-11-18T19:56:01.353+00:00

Hello

Is it possible to have my NPS server recognize 2 different wireless SSID's and give access accordingly? IE: 1 SSID with local LAN access and 1 SSID with guest access for internet only. My thought here is that the guests would exist in active directory for authentication only. (no off the street guest access). I want to avoid open guest WiFi access. We will be utilizing Meraki APs. Can this be accomplished with AD groups? Our first thought was two implementations of NPS but I'd like to do it with one if possible.

Thanks in advance

RSC

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,051 questions
{count} votes

Accepted answer
  1. Gloria Gu 3,896 Reputation points
    2020-11-19T08:28:26.267+00:00

    @Robert Hi,

    Thank you for posting in Q&A!

    According to my research, **your requirements seems can be achieved by **configuring NPS policies.****

    41005-5.png

    1.Firstly, it is suggested to Map SSID to different VLANs(with local LAN access and guest access for internet) This should be configured on the AP device.
    Since that we are not familiar with third-party Ciso AP devide, please refer to the Ciso technical team for more professional suggestions.

    2.Then, you can set different NPS policies to achieve authentication of wireless clients against the Windows AD environment. For more details, please refer to:
    http://wifinigel.blogspot.com/2014/03/the-microsoft-network-policy-server-nps.html

    >>>>My thought here is that the guests would exist in active directory for authentication only. (no off the street guest access).

    Please noted that, this can be ahieved by adding a Condition inside the Network Policy and specify the Called Station ID which presents the WIFI Access Point MAC Address plus SSID.
    For more details, please refer to:
    https://learn.microsoft.com/zh-cn/archive/blogs/netgeeks/how-to-authenticate-multiple-wifi-ssids-on-a-single-nps-server-radius

    Hope you have a nice day : )
    Gloria

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
    https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.