×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Administrative access to AP1200 via TACACS+ authentication

Unanswered Question
Dec 16th, 2002
User Badges:

Can anyone tell me if it is possible to set up authenticate admin access to an AP1200 running the 12.00T code.

I'm using ACS ver 3.1


All other devices (routers switches, VPN 3000, etc..) all authenticate properly.


Thanx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tepatel Mon, 12/16/2002 - 15:15
User Badges:
  • Cisco Employee,

You can authenticate the admin access to AP1200 using RADIUS protocol but not using TACACS.. TACACS option is reserved for future enhancements..

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex


aironet:admin-capability=write+ident+admin+firmware


Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware




tepatel Wed, 12/25/2002 - 09:53
User Badges:
  • Cisco Employee,

For tacacs support for admin user authentication, pl. follow the feature request bug CSCdz48507.

Actions

This Discussion

 

 

Trending Topics - Security & Network