I am just in the process of creating a second captive portal on our Cisco WLC/WCS system. We use ACS 5.2 as our authentication platform. The second portal is nothing more than a branding overlay to the existing captive portal network, but each Captive Portal needs to allow different people to connect (Please don't ask me to justify this design any more, it has been thrust upon me :( ) So, we are experiencing some difficulty on how to differentiate the auth requests coming from each portal. I am sure this isn't a Cisco ACS specific issue. So is there anything we can query to define the service selection that the auth requests are sent to? We already no we can't use the username as this is essentially our guest network and the username is the email address of the user and could be anything. I'm not sure what, if any, radius attributes are sent during the webauth request or if you can define more to be sent by changing the HTML of the login page. Unlike 802.1x which has a lot of detail, the passed auth logs for captive portal seem devoid of pretty much everything. We are using the same controllers for both portals and the successful users are mapped onto the same VLAN but we are trying to allow some users to access one portal but not another (again, please don't ask for justification on this, it's all smoke and mirrors). Any help greatly appreciated. Paul -- Paul Brennan Head of Network Services Coventry University Single Number Reach: 02477 658643