Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem with AP1200 Web admin authentication on Cisco Secure

Hello,

I have defined a Radius Authentication for administrators logging on the AP1200 Web interface.

I can see a successfull authentication on the Cisco Secure and if I trace the packet coming back from the Cisco Secure, I can see a 'Radius Access Accept'.

Unfortunately the AP1200 does not interpretate this info correctly and the administrator still get a login window. No logs are present on the AP1200.

The versions are:

CiscoSecure ACS v2.6 for Windows 2000/NT

Release 2.6(3) Build 2

AP1200 version 12.02T (the last one non-IOS available)

In the 'Radius Access Accept' packet coming back from the Cisco Secure I can see an AV pairs equal to 255.255.255.255. I think this should be the IP address of the AP1200 instead ?

Thanks

2 REPLIES
Cisco Employee

Re: Problem with AP1200 Web admin authentication on Cisco Secure

Hi ,

Have you defined Cisco AV Pair for this users ?

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm#1073082

New Member

Re: Problem with AP1200 Web admin authentication on Cisco Secure

Thanks a lot, this solve my problem !

Regards

324
Views
0
Helpful
2
Replies