Cisco Aironet 1040 AP managing

Answered Question
May 23rd, 2012
Dear friends,


We are currently using several APs in our organization. On one of these APs I want to give a user the power to change the password of the wireless network to prevent misuse. I was wondering if it is possible to create an account that only has the privilege to change the WPA key? I want to prevent him from accidentally changing other settings.


Thnx.


gr,


W.

Correct Answer by George Stefanick about 5 years 2 months ago

You could configure a different privilege level for this user and only allow him certain commands. See attached


http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/...


Sent from Cisco Technical Support iPad App

Overall Rating: 4 (2 ratings)
Leo Laohoo Wed, 05/23/2012 - 17:02
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Nope.  Not possible.

Leo Laohoo Wed, 05/23/2012 - 21:29

You could configure a different privilege level for this user and only allow him certain commands.

True but to be allowed to only change ONE THING?  I don't think it'll work.


Just thought of an idea: Why don't you create a script? The script allows the user to enter only ONE value (the new password) and the script goes and telnets/SSHes into the WAP, changes the password, exits and saves the config.
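The single-input script suggested in the reply above, as an added example (not code from the thread or from Cisco): it shows the part that makes such a wrapper a real privilege boundary, which is validating the one value so it cannot carry a second command. The SSID name, the character policy and the helper names are assumptions; sending the lines over SSH is left to whatever session library the site already uses.

```python
import string

# Characters accepted in the new key: printable ASCII minus whitespace and '?'
# ('?' invokes inline help on the IOS CLI). Conservative policy, an assumption.
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation) - {"?"}

SSID = "CORP-WLAN"  # hypothetical SSID, fixed by the admin, never by the user


class RejectedKey(ValueError):
    """Raised when the supplied passphrase must not be sent to the AP."""


def validate_passphrase(key: str) -> str:
    # WPA/WPA2-PSK ASCII passphrases are 8 to 63 characters long.
    if not 8 <= len(key) <= 63:
        raise RejectedKey("passphrase must be 8-63 characters")
    bad = sorted({c for c in key if c not in ALLOWED})
    if bad:
        # Newlines, spaces or control characters could start a second command.
        raise RejectedKey(f"disallowed characters: {bad!r}")
    return key


def build_commands(key: str, ssid: str = SSID) -> list[str]:
    """Return the fixed command sequence; only the key varies."""
    key = validate_passphrase(key)
    return [
        "configure terminal",
        f"dot11 ssid {ssid}",
        f"wpa-psk ascii {key}",
        "end",
        "write memory",
    ]


if __name__ == "__main__":
    import getpass
    try:
        for line in build_commands(getpass.getpass("New WPA key: ")):
            # Hand these lines to the SSH session; the key is masked on screen.
            masked = line.startswith("wpa-psk")
            print("wpa-psk ascii ********" if masked else line)
    except RejectedKey as err:
        raise SystemExit(f"refused: {err}")
```

The account the script logs in with still holds full rights on the AP, so its credentials belong with the script's owner, not with the user who runs it.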

gamccall Thu, 05/24/2012 - 05:10
User Badges:
  • Silver, 250 points or more

Sorry, leolaohoo, you're completely wrong on this. Please read the document that George linked. You have complete control over which commands are assigned to which privilege level, and if you want to make a privilege level that can only change the encryption you can absolutely do that.


The other way to do this would be with TACACS+ Authorization, and define a specific allowed command list for that user on your ACS server. This also gives you complete granular control down to the individual command.


I prefer to use the AAA route, but if you're on a small site with no ACS server then custom privilege levels are definitely a working option.

Leo Laohoo Thu, 05/24/2012 - 15:13

Sorry, leolaohoo, you're completely wrong on this.

Fair enough. 
