Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA Authentication Lightweight AP

Is there a way to authenticate a user logging into (telnet/ssh) a lightweight AP using RADIUS or TACACS+?  I know you can set global usernames and passwords, but this customer would like to use ACS to authenticate user access to log into their APs.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: AAA Authentication Lightweight AP

No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC.

For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
3 REPLIES
Hall of Fame Super Silver

AAA Authentication Lightweight AP

That is a good question... However, I don't think there is a way to do that.  That would mean you would have to create a AAA client for each AP along with the WLC.

-Scott
*** Please rate helpful posts ***
Cisco Employee

AAA Authentication Lightweight AP

Ok so, this may be a long shot. But a few days back I came across a similar situation where in the APs were doing radius authentication...

so what you want to do is (or at least try that out), use port security (dont have the commands) and authenticate using the client mac address.

This may sound very vague as I myself did not understand the details of it that much..

however, in that scenario the APs were in hreap local switching mode (and use local radius on the AP side). There was some talk of using NEAT and all with the setup but to be honest I couldn't understand much.

the other simple thing you can do is create an ACL for the AP subnet and maybe apply some sort of radius authentication or mac filtering on it.

Again, I am still not that fimilar with the wired side to comment on it for sure.

Re: AAA Authentication Lightweight AP

No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC.

For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
477
Views
5
Helpful
3
Replies