10-19-2006 04:47 PM - edited 07-03-2021 01:07 PM
I have an AIR-AP1242AG-A-K9.
When I connect my console cable to the access point it puts me directly into
ap1.ciscow>
versus the username prompt.
I don't have the command 'login local' or 'login' like a switch or router does for vty/con/aux lines, so I'm just trying to find out how I can point the line con 0 port of the wireless access point to use the local username database configured on the access point itself.
Any Ideas?
IOS 12.3(7)JA1
10-19-2006 09:28 PM
Hi Glen,
I have this running on a 1242AG with 12.3(8)JA2 and this setup is valid since 12.2.
username admin privilege 15 password 7 xxxxxxxxx
line con 0
line vty 0 4
 transport preferred telnet
line vty 5 15
And I'm prompted with a login screen.
This is the link to the command reference guide for the AP. There are only the AP-specific commands available. Also a list of non-AP-specific commands.
For the rest (non AP-specific) try this one here:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_command_reference_list.html
I hope that helps.
Best regards,
Frank
Btw, did you set up TACACS or RADIUS login? Then login might not be available.
10-20-2006 07:58 AM
Frank,
Thanks for responding, TACACS is setup yes, but that is for wireless client logons. I wonder if that's part of my issue. I'll provide you with my full config script for you to review and let me know what you think.
10-20-2006 08:08 AM
The only way you're going to get the login to the local database, by default, is to add the login local on the con 0 like you would a router or switch. The other thing you can do is type "login" at the > prompt and login that way.
10-20-2006 10:01 AM
I asked our guy onsite if he used the login command and he said he did. Also the login, and login local are not options on the line con 0 or vty.
10-20-2006 01:16 PM
10-22-2006 08:31 PM
Hi Glen,
Sorry for the delay. Damn weekend. ;-)
Your config looks pretty good.
Username is defined, the tty and the local login (aaa authorization exec default local).
Hmmm, very strange.
Maybe you have configured the users wirelessadmin and clientadmin in the tacacs server?
Please let me know.
Best regards,
Frank
10-22-2006 08:35 PM
No problem at all Frank. Yea the wirelessadmin and clientadmin are configured locally. RADIUS is configured on the local wireless device. We have no external database for authenticating users. I think this is a user onsite that may be using the wrong commands to prompt them for username. I will update once I have him go back onsite and see if he can use the 'login' command to prompt him for username.
10-23-2006 12:04 PM
Here is the prompt he gets when he logs onto the console port.
Here is what I get after connecting and typing in ?
Powered by...
|| ||
|| ||
|||| ||||
|||||| ||||||
.:||||||||||:. .:||||||||||:.
C i s c o S y s t e m s
---------------------------------------------------
ap1.wireless>login client
^
% Invalid input detected at '^' marker.
ap1.beaverton-dod.lanphere>login
ap1.beaverton-dod.lanphere>en
Password:
% Access denied
ap1.beaverton-dod.lanphere>exit
Press RETURN to get
ap1.wireless>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  clear            Reset functions
  connect          Open a terminal connection
  crypto           Encryption related commands.
  disable          Turn off privileged commands
  disconnect       Disconnect an existing
  dot11            IEEE 802.11 commands
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  led              LED functions
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  name-connection  Name an existing network connection
  ping             Send echo messages
  radius           radius exec commands
  release          Release a resource
  renew            Renew a resource
  resume           Resume an active network connection
  save             Start to save raise_interrupt_level stack
  set              Set system parameter (not config)
  show             Show running system information
  ssh              Open a secure shell client connection
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  where            List active connections
ap1.wireless>
At this point he has to know the Enable password to get in.
So I added the following lines and now it prompts him for username password.
line con 0
 privilege level 15
 login authentication default
aaa authentication login default local
My question now is, why do I need to have level 15? If I remove it he only gets level 7 access and that's it.
10-23-2006 10:59 PM
Hi Glen,
Try aaa authorization console in config mode to add the RADIUS and/or TACACS authorization to the console port globally!
Best regards,
Frank
11-08-2006 01:45 PM
Very cool Frank. I'll have him try that and get back to you. Been on vacation, Damn vacations. :D Will get back to you.
11-09-2006 04:53 PM
Nice work my friend. That works great. Confirmed this does work fine. Thanks for all your help!
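The three console states the thread passes through (no login method list, the `privilege level 15` workaround, and the final `aaa authorization console` fix) can be told apart by auditing the running-config. The sketch below is an added example, not code from the thread; the sample configs are constructed from the commands posted above, and the function names and finding labels are hypothetical.

```python
# Constructed running-config fragments modelled on the commands quoted in the thread.
BASE = """aaa new-model
{aaa}aaa authorization exec default local
username admin privilege 15 password 7 xxxxxxxxx
line con 0
{con}line vty 0 4
 transport preferred telnet
"""
LOGIN = "aaa authentication login default local\n"
BEFORE = BASE.format(aaa="", con="")
WORKAROUND = BASE.format(
    aaa=LOGIN, con=" privilege level 15\n login authentication default\n")
FIXED = BASE.format(
    aaa=LOGIN + "aaa authorization console\n", con=" login authentication default\n")


def parse(config):
    """Return (global commands, {section header: [indented sub-commands]})."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if raw[0].isspace() and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit_console(config):
    """List console-login weaknesses of the kind discussed in the thread."""
    top, sections = parse(config)
    con = sections.get("line con 0", [])
    findings = []
    # The console uses the "default" login list unless the line names another.
    named = [c.split()[2] for c in con if c.startswith("login authentication ")]
    wanted = named[0] if named else "default"
    methods = [c.split()[4:] for c in top
               if c.split()[:4] == ["aaa", "authentication", "login", wanted]]
    if not methods or methods[0][:1] == ["none"]:
        findings.append("console-login-unauthenticated")
    if "privilege level 15" in con:
        findings.append("console-line-forces-priv15")  # line-wide, not per user
    if (any(c.startswith("aaa authorization exec ") for c in top)
            and "aaa authorization console" not in top):
        findings.append("exec-authorization-skips-console")
    return findings
```

Running `audit_console` over `BEFORE`, `WORKAROUND` and `FIXED` shows the findings shrinking at each step, with the line-wide `privilege level 15` no longer needed once exec authorization covers the console.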