Light Weight Access Point and Tacacs authentication

Answered Question
Apr 27th, 2012

Hello,

I need some help here.

My access points have already joined the WLC. I want to configure it so that everyone who wants to log on to the access point is authenticated using TACACS authentication. How can I do this? I already searched the Configuration guide, but I can't find a command to input the TACACS server in the lightweight access points.

Can you help me with how to configure a lightweight access point that has already joined the controller so that everyone who wants to log in to it is authenticated using TACACS authentication?

Kind regards,

Stephen Rodriguez Fri, 04/27/2012 - 07:40

First, TACACS is used for authentication of a management user accessing the WLC.  NOT for user authentication to the network.

Second, in a lightweight environment, you don't auth to the AP, but to the WLC.

So, you need to make sure that your ACS is configured for RADIUS authentication, for the users.  Define the server in the RADIUS section of the Security tab, then configure the WLAN for WPA/TKIP or WPA2/AES with 802.1x as the auth method.

Find the section "Configure the WLC for WPA" in the examples below:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#configs

Steve

Robot_Otobot Fri, 04/27/2012 - 07:47

Thanks Steve for your response,

But what my boss needs is that each time we telnet to the access point (lightweight), we use a username and password that are listed in TACACS. Can we do that? Can we configure the access point to do that?

Warm regards.

Correct Answer
Stephen Rodriguez Fri, 04/27/2012 - 07:53

Ahh, OK. No, you can't do that as the AP isn't aware of TACACS.

Out of curiosity, why would you need/want to go to the AP?  For the most part you can pull any of the show commands from the CLI of the WLC, which is TACACS aware.

Steve

Robot_Otobot Fri, 04/27/2012 - 08:17

You are right!! The lightweight access point is unaware of TACACS, but the WLC is aware.

When I tried to type one of the TACACS-specific commands, "ip tacacs-server", at the access point's CLI, the command didn't appear. I kind of couldn't believe the LAP doesn't support TACACS. I tried searching in the config guide and then here.

About the reason, I don't know. Maybe for better security, I think. Thank you.

Cheers,

Posted April 27, 2012 at 7:34 AM