04-04-2004 04:42 AM - edited 03-10-2019 07:44 AM
My scenario is:
- Cisco APs (350 & 1200 Series)
- ACS 3.2 appliance
- Active Directory
- Users authenticate for wireless connection using Cisco PEAP
Now the wireless users have user accounts in the ACS 3.2 mapped to the external database AD to get connected to the WLAN. How can I configure the ACS 3.2 and the APs to authenticate administrator users with a different privilege, Read or Write, to get access to the AP for troubleshooting or updating? Will there be a conflict for the users who have both access to the WLAN and an admin account?
What I want to know is: is it possible to administer the access for the AP configuration and the access for the WLAN at the same time by using the ACS 3.2? And how can it be done?
Regards
04-05-2004 06:38 AM
Yes. I am currently doing exactly that (only with LEAP authentication for the wireless user).
I use tacacs+ for the authentication/authorization/accounting of administrative functions.
Create a SECOND network object in ACS for using the tacacs+ features. Use a different key to communicate to the server.
Here are the aaa commands I use on my 350's and my 1200's:
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Also, identify your tacacs server along with your radius server:
tacacs-server host xxxx
tacacs-server xxxxx
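An added example, not part of the original posts: a small Python check that parses AAA lines like the ones posted above and reports gaps in the admin-access setup (no local fallback, a privilege level that is authorized but not accounted, no TACACS+ server defined). The sample reuses the posted lines; the server address 192.0.2.10 and the audit rules themselves are assumptions.

```python
import re

# Constructed sample: AAA lines as posted above; 192.0.2.10 is a documentation
# placeholder address, not a value from the thread.
SAMPLE = """
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 192.0.2.10
"""

# Assumed audit policy: login must fall back to a device-local method.
LOGIN_FALLBACKS = {"local", "local-case", "enable"}

def audit_aaa(config):
    """Return findings (strings) for the admin-access AAA lines of an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, authz, acct, login = [], set(), set(), None
    for ln in lines:
        if m := re.fullmatch(r"aaa authentication login default (.+)", ln):
            login = m.group(1).split()
        elif m := re.fullmatch(r"aaa authorization commands (\d+) default (.+)", ln):
            authz.add(int(m.group(1)))
            if "local" not in m.group(2).split():
                findings.append(f"level {m.group(1)}: authorization has no local fallback")
        elif m := re.fullmatch(r"aaa accounting commands (\d+) default .+", ln):
            acct.add(int(m.group(1)))
    if login is None or "tacacs+" not in login:
        findings.append("login: default list does not use tacacs+")
    elif not LOGIN_FALLBACKS & set(login):
        findings.append("login: no local fallback if the TACACS+ server is unreachable")
    for lvl in sorted(authz - acct):
        findings.append(f"level {lvl}: commands authorized but not accounted")
    for lvl in sorted(acct - authz):
        findings.append(f"level {lvl}: commands accounted but not authorized")
    if not any(ln.startswith("tacacs-server host ") for ln in lines):
        findings.append("no tacacs-server host defined")
    return findings
```

Calling `audit_aaa()` on the text of a saved running-config returns an empty list when none of these gaps is present.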
04-12-2004 09:17 PM
Thanks a lot for your reply, but do you have any documents about this issue??
Please, if anyone is familiar, post your comment to share the info.
Thanks
04-13-2004 04:55 AM
I am not really sure what you are asking me?
Documents about this issue??
Can you please be more specific.
A.
04-05-2004 06:40 AM
oops
04-05-2004 07:00 AM
trying to delete these extra posts
04-16-2004 09:47 PM
I want any documentation about:
Configuring AP and ACS 3.2 appliance to control the access for administrator users to the AP using ACS 3.2?
What should I configure in the APs "350, 1200 series"?
What should I configure in the ACS 3.2 appliance?
Regards,