01-04-2012 07:23 AM - edited 07-03-2021 09:19 PM
Is there a way to authenticate a user logging into (telnet/ssh) a lightweight AP using RADIUS or TACACS+? I know you can set global usernames and passwords, but this customer would like to use ACS to authenticate user access to log into their APs.
Solved! Go to Solution.
01-22-2012 02:33 PM
No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC.
For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP
Steve
Sent from Cisco Technical Support iPhone App
01-04-2012 07:41 AM
That is a good question... However, I don't think there is a way to do that. That would mean you would have to create a AAA client for each AP along with the WLC.
01-22-2012 02:08 PM
Ok so, this may be a long shot. But a few days back I came across a similar situation where in the APs were doing radius authentication...
so what you want to do is (or at least try that out), use port security (dont have the commands) and authenticate using the client mac address.
This may sound very vague as I myself did not understand the details of it that much..
however, in that scenario the APs were in hreap local switching mode (and use local radius on the AP side). There was some talk of using NEAT and all with the setup but to be honest I couldn't understand much.
the other simple thing you can do is create an ACL for the AP subnet and maybe apply some sort of radius authentication or mac filtering on it.
Again, I am still not that fimilar with the wired side to comment on it for sure.
01-22-2012 02:33 PM
No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC.
For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP
Steve
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide