Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco Aironet 1040 AP managing

Dear friends,

We are currently using several AP's in our organization. And in this one AP i want to give a user the power to change the password of the wireless network to prevent miss use. I was wondering if it was possible to create an account who only has the privilege to change the WPA key?? I want to prevent that he will accidently change other settings.

Thnx.

gr,

W.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cisco Aironet 1040 AP managing

You could configure a different privilege level for this user and only allow him certain commands. See attached

http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
5 REPLIES
Hall of Fame Super Gold

Cisco Aironet 1040 AP managing

Nope.  Not possible.

Re: Cisco Aironet 1040 AP managing

You could configure a different privilege level for this user and only allow him certain commands. See attached

http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Hall of Fame Super Gold

Re: Cisco Aironet 1040 AP managing

You could configure a different privilege level for this user and only allow him certain commands.

True but to be allowed to only change ONE THING?  I don't think it'll work.

Just thought of an idea:  Why don't you create a script.  The script allows the user to enter only ONE value (the new password) and the script goes and telnet/ssh into the WAP, changes the password, exits and saves the config. 

Silver

Cisco Aironet 1040 AP managing

Sorry, leolaohoo, you're completely wrong on this. Please read the document that George linked. You have complete control over which commands are assigned to which privilege level, and if you want to make a privilege level that can only change the encryption you can absolutely do that.

The other way to do this would be with TACACS+ Authorization, and define a specific allowed command list for that user on your ACS server. This also gives you complete granular control down to the individual command.

I prefer to use the AAA route, but if you're on a small site with no ACS server then custom privilege levels are definitely a working option.

Hall of Fame Super Gold

Re: Cisco Aironet 1040 AP managing

Sorry, leolaohoo, you're completely wrong on this.

Fair enough. 

920
Views
3
Helpful
5
Replies
CreatePlease to create content