AAA Authentication Lightweight AP

AlexZmann
Level 1

Is there a way to authenticate a user logging into (telnet/ssh) a lightweight AP using RADIUS or TACACS+?  I know you can set global usernames and passwords, but this customer would like to use ACS to authenticate user access to log into their APs.

1 Accepted Solution


Stephen Rodriguez
Cisco Employee

No, this is not currently a feature in the CUWN architecture; you would log in to the WLC to configure the AP 98% of the time. And you can configure TACACS to the WLC.

For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password combo there. It can be done globally or per AP.

Steve

HTH,
Steve


3 Replies

Scott Fella
Hall of Fame

That is a good question... However, I don't think there is a way to do that.  That would mean you would have to create a AAA client for each AP along with the WLC.

-Scott

OK, so this may be a long shot. But a few days back I came across a similar situation wherein the APs were doing RADIUS authentication...

So what you want to do is (or at least try that out) use port security (don't have the commands) and authenticate using the client MAC address.

This may sound very vague as I myself did not understand the details of it that much.

However, in that scenario the APs were in H-REAP local switching mode (and use local RADIUS on the AP side). There was some talk of using NEAT and all with the setup, but to be honest I couldn't understand much.

The other simple thing you can do is create an ACL for the AP subnet and maybe apply some sort of RADIUS authentication or MAC filtering on it.

Again, I am still not that familiar with the wired side to comment on it for sure.
