How to configure Centralized Administrator Authentication at an AP350

mschuh
Level 1

I can't configure Centralized Administrator Authentication on an AP350.

I tried to configure it with TACACS+ (Version F4.0.4.alpha on Sun Solaris), which worked well with IOS, but for the AP350 the TACACS+ server generates an AUTHEN/FAIL (does the AP350 support TACACS+ or only TACACS?). The second thing I tried was to use RADIUS with ACS3.0(2) Build5. The ACS generates an Access Accept, but the AP350 generates an Access Denied (which RADIUS attributes are necessary?).

Accepted Solutions

ndoshi
Cisco Employee

Using RADIUS, you need to use the Cisco AV-pair attribute for admin users, with the following syntax:

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure to define the Cisco AV-pair attributes for the admin user.

a) On ACS, select Interface Configuration and go to the advanced options, select "per-user TACACS/RADIUS attribute", and click Submit.

b) On ACS, select Network Configuration.

1) Check whether you have configuration >> RADIUS (IOS/PIX) available on the ACS. If not, add a NAS of type RADIUS IOS/PIX; note that this is needed for the IOS/PIX attribute.

2) After adding the IOS/PIX device, select Interface Configuration >> RADIUS (IOS/PIX). Enable the [026/009/001] "cisco av-pair" option; again, make sure that you enable it at user and group level, then click Submit.

3) Add a user (User Setup >> Add/Edit) to restrict administrator access control.

1) Enable and configure the cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware
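The [026/009/001] in the answer above is RADIUS attribute 26 (Vendor-Specific) with Cisco's vendor ID 9 and sub-type 1. The following added example, which is not part of the original post and not Cisco's code, parses a captured Access-Accept and reports which admin capabilities it carries, so you can confirm the server is really sending the AV pair; the helper names and the sample packets (zeroed authenticator) are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2       # RADIUS packet code
VENDOR_SPECIFIC = 26    # attribute type: the "026" in [026/009/001]
CISCO_VENDOR_ID = 9     # vendor ID: the "009"
CISCO_AVPAIR = 1        # vendor sub-type: the "001"
PREFIX = "aironet:admin-capability="

def vsa(text, vendor_id=CISCO_VENDOR_ID, vendor_type=CISCO_AVPAIR):
    """Encode a Vendor-Specific attribute holding one string sub-attribute."""
    data = text.encode("ascii")
    body = struct.pack("!IBB", vendor_id, vendor_type, len(data) + 2) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def packet(code, attributes=b""):
    """Build a sample RADIUS packet (identifier 1, zeroed authenticator)."""
    return struct.pack("!BBH", code, 1, 20 + len(attributes)) + bytes(16) + attributes

def cisco_avpairs(pkt):
    """Return every cisco-av-pair string carried in a RADIUS packet."""
    length = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length field")
    pairs, pos = [], 20
    while pos + 2 <= length:
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = pkt[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or int.from_bytes(value[:4], "big") != CISCO_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == CISCO_AVPAIR:
                pairs.append(sub[2:sub[1]].decode("ascii", "replace"))
            sub = sub[sub[1]:]
    return pairs

def admin_capabilities(pkt):
    """Capabilities granted by the aironet admin-capability AV pair (empty if absent)."""
    caps = set()
    for pair in cisco_avpairs(pkt):
        if pair.startswith(PREFIX):
            caps.update(c for c in pair[len(PREFIX):].split("+") if c)
    return caps
# Constructed samples: Access-Accept with the AV pair from the answer, and one with only User-Name.
WITH_PAIR = packet(ACCESS_ACCEPT, vsa(PREFIX + "write+ident+admin+firmware"))
WITHOUT_PAIR = packet(ACCESS_ACCEPT, bytes([1, 7]) + b"admin")
```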

Hi Nilesh,

Your solution works well, thanks. But how can I find this answer on CCO?