Welcome to Cisco Support Community. We would love to have your feedback.
For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.
I have defined a Radius Authentication for administrators logging on the AP1200 Web interface.
I can see a successfull authentication on the Cisco Secure and if I trace the packet coming back from the Cisco Secure, I can see a 'Radius Access Accept'.
Unfortunately the AP1200 does not interpretate this info correctly and the administrator still get a login window. No logs are present on the AP1200.
The versions are:
CiscoSecure ACS v2.6 for Windows 2000/NT
Release 2.6(3) Build 2
AP1200 version 12.02T (the last one non-IOS available)
In the 'Radius Access Accept' packet coming back from the Cisco Secure I can see an AV pairs equal to 255.255.255.255. I think this should be the IP address of the AP1200 instead ?
Have you defined Cisco AV Pair for this users ?
Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex
Here is the procedure for the admin user you to define the Cisco AV pair Attributes .
a) On acs select the interface configuration and go to the advance option ,
selct "per-user Tacacs/ radius attribute " click on submit .
b)On ACS , Select network configuration ,
1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS
if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute
2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )
Enable [026/009/001] "cisco av-pair" option , again make sure that you enable
at user and group level click on submit
3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control
1) enable and configure cisco 09\001 cisco av-pair using
Thanks a lot, this solve my problem !