Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1455
Views
3
Helpful
5
Replies

Cisco Aironet 1040 AP managing

Go to solution
WuzzY1234
Level 1
Level 1

‎05-23-2012 04:07 AM - edited ‎07-03-2021 10:12 PM

Dear friends,

We are currently using several AP's in our organization. And in this one AP i want to give a user the power to change the password of the wireless network to prevent miss use. I was wondering if it was possible to create an account who only has the privilege to change the WPA key?? I want to prevent that he will accidently change other settings.

Thnx.

gr,

W.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎05-23-2012 07:37 PM

You could configure a different privilege level for this user and only allow him certain commands. See attached

http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎05-23-2012 05:02 PM

Nope.  Not possible.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎05-23-2012 07:37 PM

You could configure a different privilege level for this user and only allow him certain commands. See attached

http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to George Stefanick

‎05-23-2012 09:29 PM 

You could configure a different privilege level for this user and only allow him certain commands.

True but to be allowed to only change ONE THING?  I don't think it'll work.

Just thought of an idea:  Why don't you create a script.  The script allows the user to enter only ONE value (the new password) and the script goes and telnet/ssh into the WAP, changes the password, exits and saves the config. 

0 Helpful

Go to solution
gamccall
Level 4
Level 4
In response to Leo Laohoo

‎05-24-2012 05:10 AM

Sorry, leolaohoo, you're completely wrong on this. Please read the document that George linked. You have complete control over which commands are assigned to which privilege level, and if you want to make a privilege level that can only change the encryption you can absolutely do that.

The other way to do this would be with TACACS+ Authorization, and define a specific allowed command list for that user on your ACS server. This also gives you complete granular control down to the individual command.

I prefer to use the AAA route, but if you're on a small site with no ACS server then custom privilege levels are definitely a working option.

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to gamccall

‎05-24-2012 03:13 PM 

Sorry, leolaohoo, you're completely wrong on this.

Fair enough. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card