Is there a way to authenticate a user logging into (telnet/ssh) a lightweight AP using RADIUS or TACACS+? I know you can set global usernames and passwords, but this customer would like to use ACS to authenticate user access to log into their APs.
Ok so, this may be a long shot. But a few days back I came across a similar situation where in the APs were doing radius authentication...
so what you want to do is (or at least try that out), use port security (dont have the commands) and authenticate using the client mac address.
This may sound very vague as I myself did not understand the details of it that much..
however, in that scenario the APs were in hreap local switching mode (and use local radius on the AP side). There was some talk of using NEAT and all with the setup but to be honest I couldn't understand much.
the other simple thing you can do is create an ACL for the AP subnet and maybe apply some sort of radius authentication or mac filtering on it.
Again, I am still not that fimilar with the wired side to comment on it for sure.