12-16-2002 11:59 AM - edited 07-04-2021 08:24 AM
Can anyone tell me if it is possible to set up authenticate admin access to an AP1200 running the 12.00T code.
I'm using ACS ver 3.1
All other devices (routers switches, VPN 3000, etc..) all authenticate properly.
Thanx
12-16-2002 03:15 PM
You can authenticate the admin access to AP1200 using RADIUS protocol but not using TACACS.. TACACS option is reserved for future enhancements..
Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex
aironet:admin-capability=write+ident+admin+firmware
Here is the procedure for the admin user you to define the Cisco AV pair Attributes .
a) On acs select the interface configuration and go to the advance option ,
selct "per-user Tacacs/ radius attribute " click on submit .
b)On ACS , Select network configuration ,
1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS
if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute
2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )
Enable [026/009/001] "cisco av-pair" option , again make sure that you enable
at user and group level click on submit
3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control
1) enable and configure cisco 09\001 cisco av-pair using
aironet:admin-capability=write+ident+admin+firmware
12-25-2002 09:53 AM
For tacacs support for admin user authentication, pl. follow the feature request bug CSCdz48507.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: