Administrative access to AP1200 via TACACS+ authentication

cwainwright · ‎12-16-2002

Can anyone tell me if it is possible to set up authenticate admin access to an AP1200 running the 12.00T code.

I'm using ACS ver 3.1

All other devices (routers switches, VPN 3000, etc..) all authenticate properly.

Thanx

tepatel · ‎12-16-2002

You can authenticate the admin access to AP1200 using RADIUS protocol but not using TACACS.. TACACS option is reserved for future enhancements..

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

tepatel · ‎12-25-2002

For tacacs support for admin user authentication, pl. follow the feature request bug CSCdz48507.