Cisco Secure ACS 5.2: Assigning Client Authentication Requests to Access Services

Assigning Client Authentication Requests

Question

Which two methods can be used in Cisco Secure ACS 5.2 to assign client authentication requests to different access services or authorization policies, based on the SSID to which the client is associated? (Choose two.)

Answers

Explanations


A. B. C. D. E. F.

AD.

In Cisco Secure ACS 5.2, there are several methods that can be used to assign client authentication requests to different access services or authorization policies, based on the SSID to which the client is associated. Two of these methods are:

E. Condition based on the RADIUS-IETF:Called-Station-ID(30) attribute: This method involves using the RADIUS-IETF:Called-Station-ID(30) attribute to match the SSID to which the client is associated. The Called-Station-ID attribute is a standard RADIUS attribute that identifies the network access server (NAS) port that is being used by the client. In the case of a wireless client, the Called-Station-ID attribute can be used to identify the SSID to which the client is associated. This attribute can be used as a condition in the access service or authorization policy to which the client authentication request is assigned, to ensure that the correct policy is applied based on the SSID.

F. Condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute: This method involves using the RADIUS-IETF:Calling-Station-ID(31) attribute to match the MAC address of the client device. This attribute identifies the MAC address of the wireless client device that is making the authentication request. By using this attribute as a condition in the access service or authorization policy, it is possible to ensure that the correct policy is applied based on the SSID to which the client is associated.

A, B, C, and D are not valid methods for assigning client authentication requests to different access services or authorization policies based on the SSID to which the client is associated.

A. DNIS-based end station filter: This method is not applicable to wireless networks, as it is used in the context of the PSTN (Public Switched Telephone Network).

B. CLI-based end station filter: This method is not applicable in the context of wireless networks as it is used in the context of wired networks.

C. Condition based on the RADIUS-IET: This is not a valid option as it is not specific enough and does not identify the SSID to which the client is associated.

D. Filter-ID(11) attribute: This is not a valid option for identifying the SSID to which the client is associated. The Filter-ID attribute is used to specify a filter that the NAS should apply to a specific user or group of users, but it does not identify the SSID to which the client is associated.

In conclusion, the two methods that can be used in Cisco Secure ACS 5.2 to assign client authentication requests to different access services or authorization policies, based on the SSID to which the client is associated, are a condition based on the RADIUS-IETF:Called-Station-ID(30) attribute and a condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute.
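To make the Called-Station-ID condition described above concrete, the following added example (not ACS code and not from the original page) extracts the SSID from the attribute and picks an access service. It assumes the NAS sends the value in the RFC 3580 form `AP-MAC:SSID`; the service names, the SSID mapping and the sample requests are constructed for illustration.

```python
import re

# Assumed RFC 3580 layout for 802.11: AP MAC as six "-"-separated hex octets,
# optionally followed by ":" and the SSID the client associated to.
_CALLED_STATION = re.compile(r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})(?::(.*))?")

# Hypothetical SSID -> access service mapping (names are constructed).
SERVICE_BY_SSID = {"Corp": "Corp-802.1X", "Guest": "Guest-WebAuth"}
DEFAULT_SERVICE = "DenyAccess"  # fail closed when no rule matches


def ssid_from_called_station_id(value):
    """Return the SSID carried in Called-Station-Id, or None if absent/malformed."""
    match = _CALLED_STATION.fullmatch(value or "")
    if match is None or not match.group(2):
        return None
    # Everything after the first ":" is the SSID, so an SSID that itself
    # contains ":" is preserved intact.
    return match.group(2)


def select_access_service(attrs):
    """Choose an access service from the SSID in a request's RADIUS attributes."""
    ssid = ssid_from_called_station_id(attrs.get("Called-Station-Id"))
    # SSIDs are case-sensitive octet strings: match exactly, never by
    # substring or suffix, so "NotCorp" or "corp" cannot select the Corp service.
    return SERVICE_BY_SSID.get(ssid, DEFAULT_SERVICE)


if __name__ == "__main__":
    # Constructed sample Access-Request attributes. Calling-Station-Id (31)
    # is the client MAC; Called-Station-Id (30) is the AP MAC plus SSID.
    samples = [
        {"Calling-Station-Id": "aa-bb-cc-00-11-22",
         "Called-Station-Id": "00-1a-2b-3c-4d-5e:Corp"},
        {"Calling-Station-Id": "aa-bb-cc-00-11-23",
         "Called-Station-Id": "00-1a-2b-3c-4d-5e:Guest"},
        {"Calling-Station-Id": "aa-bb-cc-00-11-24",
         "Called-Station-Id": "00-1a-2b-3c-4d-5e:NotCorp"},
        {"Calling-Station-Id": "aa-bb-cc-00-11-25",
         "Called-Station-Id": "00-1a-2b-3c-4d-5e"},  # no SSID appended
    ]
    for attrs in samples:
        print(attrs["Called-Station-Id"], "->", select_access_service(attrs))
```

Whether the SSID is appended at all depends on how the wireless controller is configured to populate Called-Station-ID, so confirm the format in a captured Access-Request before writing the condition.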