Hi Reene,
you don't need to send the SSID/VSAs just filter on the NAS identifier (default = VNS name).
So in the WLAN controller GUI > VNS > WLAN services > Auth&Acc > select the RADIUS and click configure.
In the below screenshot you'd see the default for NAS identifier is the VNS name, if you'd like to send another keyword remove the checkmark and put in the name that you'd like to filter in the field on the right.
On the NPS now create a network policy with the conditions for the correct NAS identifier and the Windows group name.
In my example below the condition is that the request is from a Wifi device (the controller), NAS ID = SecureAccess, Windows group = WL3.
If you like you'd send all VSAs and add even more conditions on the network policy but for your scenario that isn't really necessary.
-Ron
you don't need to send the SSID/VSAs just filter on the NAS identifier (default = VNS name).
So in the WLAN controller GUI > VNS > WLAN services > Auth&Acc > select the RADIUS and click configure.
In the below screenshot you'd see the default for NAS identifier is the VNS name, if you'd like to send another keyword remove the checkmark and put in the name that you'd like to filter in the field on the right.
On the NPS now create a network policy with the conditions for the correct NAS identifier and the Windows group name.
In my example below the condition is that the request is from a Wifi device (the controller), NAS ID = SecureAccess, Windows group = WL3.
If you like you'd send all VSAs and add even more conditions on the network policy but for your scenario that isn't really necessary.
-Ron
