Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1276
Views
0
Helpful
6
Replies

Administrating the access for Aironet AP using ACS 3.2

alahmadi
Level 1
Level 1

‎04-04-2004 04:42 AM - edited ‎03-10-2019 07:44 AM

My scenario is:

- Cisco APs (350 & 1200 Series)

- ACS 3.2 appliance

- Active Directory

- User authenticate for wireless connection using Cisco PEAP

Now the wireless users have user accounts in the ACS 3.2 mapped to the external data base AD to get connected to the WLAN. How can I configure the ACS 3.2 and the APs to authenticate “Administrator Users” with a different privilege “Read or Wire” to get access to the AP for troubleshooting or updating? Will be there a conflict on the users who have both an access to the WLAN and Admin account?

What I want to know, is it possible to administrate the access for the AP configuration and getting access for the WLAN at the same time by using the ACS 3.2? And how it can be?

Regards

Labels:
0 Helpful
6 Replies 6

aaronw
Level 1
Level 1

‎04-05-2004 06:38 AM

Yes. I am currently doing exactly that (only with LEAP authentication for the wireless user).

I use tacacs+ for the authentication/authorizatin/accounting of adminsitrative functions.

Create a SECOND network object in ACS for using the tacacs+ features. Use a different key to communicate to the server.

Here are the aaa commands I use on my 350's and my 1200's:

aaa authentication login default group tacacs+ local-case

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Also, identify your tacacs server along with your radius server:

tacacs-server host xxxx

tacacs-server xxxxx

0 Helpful

alahmadi
Level 1
Level 1
In response to aaronw

‎04-12-2004 09:17 PM

thanks alot for your reply, but do u have any documents about this issue??

please if anyone familiar, post your comment to share the info.

Thanks

0 Helpful

aaronw
Level 1
Level 1
In response to alahmadi

‎04-13-2004 04:55 AM

I am not really sure what you are asking me?

Documents about this issue??

Can you please be more specific.

A.

0 Helpful

aaronw
Level 1
Level 1

‎04-05-2004 06:40 AM

oops

0 Helpful

aaronw
Level 1
Level 1

‎04-05-2004 07:00 AM

trying to delete these extra posts

0 Helpful

alahmadi
Level 1
Level 1
In response to aaronw

‎04-16-2004 09:47 PM

I want any documentation about:

Configuring AP and ACS 3.2 appliance to control the access for administrator users to the AP using ACS 3.2?

What I should configure in APs "350, 1200 series"

What I should configure in ACS 3.2 appliance?

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents