05-23-2012 04:07 AM - edited 07-03-2021 10:12 PM
Dear friends,
We are currently using several APs in our organization. On one of these APs I want to give a user the power to change the password of the wireless network to prevent misuse. I was wondering if it is possible to create an account that only has the privilege to change the WPA key? I want to prevent him from accidentally changing other settings.
Thanks.
Regards,
W.
05-23-2012 05:02 PM
Nope. Not possible.
05-23-2012 07:37 PM
You could configure a different privilege level for this user and only allow him certain commands. See attached:
http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156
05-23-2012 09:29 PM
You could configure a different privilege level for this user and only allow him certain commands.
True but to be allowed to only change ONE THING? I don't think it'll work.
Just thought of an idea: Why don't you create a script? The script allows the user to enter only ONE value (the new password), and the script goes and telnets/SSHes into the WAP, changes the password, exits and saves the config.
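The single-input script suggested in the post above, sketched as an added example that is not part of the original thread: it validates the one value the user may supply and builds the fixed command list, checking every line against an allow-list before anything is sent to the AP. The `dot11 ssid` / `wpa-psk ascii` syntax (autonomous AP IOS), the SSID name and all function names are assumptions, and opening the telnet/SSH session is left out.

```python
import getpass
import re

# Assumption: autonomous-AP IOS syntax; the SSID name is a constructed placeholder.
SSID = "CORP-WLAN"

# WPA-PSK passphrases are 8-63 printable ASCII characters. This script is
# stricter by choice: no spaces, and no '?' (the IOS CLI help key).
PSK_CHARS = r"[\x21-\x3e\x40-\x7e]{8,63}"

# Per-command allow-list: the only lines this script may ever send.
ALLOWED = [re.compile(p) for p in (
    r"configure terminal",
    r"dot11 ssid " + re.escape(SSID),
    r"wpa-psk ascii " + PSK_CHARS,
    r"end",
    r"write memory",
)]


def is_authorized(line: str) -> bool:
    """True only if the whole line matches one allowed command."""
    return any(p.fullmatch(line) for p in ALLOWED)


def validate_psk(psk: str) -> str:
    """Reject anything that could break out of the single command line."""
    if not isinstance(psk, str) or not re.fullmatch(PSK_CHARS, psk):
        raise ValueError("passphrase must be 8-63 printable ASCII characters, "
                         "without spaces or '?'")
    return psk


def build_commands(psk: str) -> list:
    """Return the fixed command sequence with the validated key filled in."""
    psk = validate_psk(psk)
    commands = ["configure terminal", f"dot11 ssid {SSID}",
                f"wpa-psk ascii {psk}", "end", "write memory"]
    # Defense in depth: re-check every generated line before it is sent.
    for line in commands:
        if not is_authorized(line):
            raise ValueError(f"refusing to send unauthorized line: {line!r}")
    return commands


if __name__ == "__main__":
    for cmd in build_commands(getpass.getpass("New WPA key: ")):
        print(cmd)
```

The account the script logs in with still holds whatever rights the AP grants it, so the restricted privilege level or TACACS+ command set discussed in this thread remains the control that limits what that credential can do.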
05-24-2012 05:10 AM
Sorry, leolaohoo, you're completely wrong on this. Please read the document that George linked. You have complete control over which commands are assigned to which privilege level, and if you want to make a privilege level that can only change the encryption you can absolutely do that.
The other way to do this would be with TACACS+ Authorization, and define a specific allowed command list for that user on your ACS server. This also gives you complete granular control down to the individual command.
I prefer to use the AAA route, but if you're on a small site with no ACS server then custom privilege levels are definitely a working option.
05-24-2012 03:13 PM
Sorry, leolaohoo, you're completely wrong on this.
Fair enough.