Windows NPS radius to authenticate users using UserGroup/SSID pair

I have 2 SSID the following 2 SSID
admin : Must be member of AD group admins to authenticate on this ssid
wifi : Must be member of AD group wifi to authenticate on this ssid

I have followed the config doc from herer Windows NPS Server Integration for 802.1X authentication with cnMaestro as Proxy

But I cant get it to work like I want…
Would LDAP work for this?

Any help would be great…


I have kinda this setup for my office, where we are 3 departments using the same SSID.
But they get assigned different VLAN’s depending on which AD group they are in.

Can you give any more info on where you are stuck or what is not working?
Some tips:

  • Set 802.1X security on the WLAN
  • Under AAA Servers input the IP-address of your Windows NPS server, with the right secret and port.
  • On the Windows NPS server follow the guide you have posted, and you should be able to create an access policy which grants access based on the AD Groups you selectd.
  • To restrict “admin” AD group to “admin” SSID and vice versa, you must also add this condition in the network policy:
  1. Select “Called Station ID” as the condition type and click on “Add.”
  2. In the “Called Station ID” dialog box, enter the SSID of the “admin” network. For example, if the SSID is “admin”, you would enter “admin” in the “Pattern” field. Select “Exact match” from the “Pattern Matching” dropdown.
1 Like