Cisco Support Community
New Member

Administrating the access for Aironet AP using ACS 3.2

My scenario is:

- Cisco APs (350 & 1200 Series)

- ACS 3.2 appliance

- Active Directory

- Users authenticate for wireless connection using Cisco PEAP

Now the wireless users have user accounts in the ACS 3.2 mapped to the external database AD to get connected to the WLAN. How can I configure the ACS 3.2 and the APs to authenticate “Administrator Users” with a different privilege “Read or Write” to get access to the AP for troubleshooting or updating? Will there be a conflict for the users who have both access to the WLAN and an Admin account?

What I want to know is: is it possible to administer the access for the AP configuration and the access to the WLAN at the same time by using the ACS 3.2? And how can it be done?

Regards

  • AAA Identity and NAC
6 REPLIES
New Member

Re: Administrating the access for Aironet AP using ACS 3.2

Yes. I am currently doing exactly that (only with LEAP authentication for the wireless user).

I use tacacs+ for the authentication/authorization/accounting of administrative functions.

Create a SECOND network object in ACS for using the tacacs+ features. Use a different key to communicate to the server.

Here are the aaa commands I use on my 350's and my 1200's:

aaa authentication login default group tacacs+ local-case

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Also, identify your tacacs server along with your radius server:

tacacs-server host xxxx

tacacs-server xxxxx
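
A small audit of the AAA block posted above, as an added example that is not part of the original reply: it checks that login keeps a local fallback and that command levels 0, 1 and 15 each have TACACS+ authorization and accounting. The `aaa new-model` line, the server address 192.0.2.10 and the key are assumptions, since the thread elides them.

```python
import re

# Constructed sample: the reply's AAA lines plus assumed lines the thread elides
# (aaa new-model, 192.0.2.10 and the key are placeholders, not from the post).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER-KEY
"""

def audit_aaa(config):
    """Return a list of findings; an empty list means the AAA block is complete."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def find(prefix):
        return next((l for l in lines if l.startswith(prefix)), None)
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    login = find("aaa authentication login default ")
    if not login or "group tacacs+" not in login:
        findings.append("login is not authenticated by tacacs+")
    elif not re.search(r"\blocal(-case)?\b", login):
        findings.append("login has no local fallback if tacacs+ is unreachable")
    for lvl in ("0", "1", "15"):
        for kind, what in (("authorization", "authorized"), ("accounting", "accounted")):
            line = find(f"aaa {kind} commands {lvl} default ")
            if not line or "group tacacs+" not in line:
                findings.append(f"level {lvl} commands are not {what} by tacacs+")
    if not find("tacacs-server host "):
        findings.append("no tacacs-server host defined")
    if not any(l.startswith("tacacs-server") and " key " in l for l in lines):
        findings.append("no tacacs+ shared key defined")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG) or "AAA block complete")
```
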

New Member

Re: Administrating the access for Aironet AP using ACS 3.2

Thanks a lot for your reply, but do you have any documents about this issue?

Please, if anyone is familiar with this, post your comment to share the info.

Thanks

New Member

Re: Administrating the access for Aironet AP using ACS 3.2

I am not really sure what you are asking me?

Documents about this issue??

Can you please be more specific.

A.

New Member

Re: Administrating the access for Aironet AP using ACS 3.2

oops

New Member

Re: Administrating the access for Aironet AP using ACS 3.2

trying to delete these extra posts

New Member

Re: Administrating the access for Aironet AP using ACS 3.2

I want any documentation about:

Configuring AP and ACS 3.2 appliance to control the access for administrator users to the AP using ACS 3.2?

What should I configure in the APs (350, 1200 series)?

What should I configure in the ACS 3.2 appliance?

Regards,
