Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to configure Centralized Administrator Authentication at an AP350

i can't configure Centralized Administrator Authentication at an AP350.

i tried to configure with tacacs+ ( Version F4.0.4.alpha on SunSolaris) which well worked with IOS, but for the AP350 the tacacs+ server generates an AUTHEN/FAIL (supports the AP350 tacacs+ or only tacacs?). The second i tried is to use RADIUS with ACS3.0(2) Build5. The ACS generates an Access Accept, but the AP350 generates an Access Denied (which RADIUS-Attributes are necessary???)

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: How to configure Centralized Administrator Authentication at

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

3 REPLIES
Cisco Employee

Re: How to configure Centralized Administrator Authentication at

Cisco Employee

Re: How to configure Centralized Administrator Authentication at

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

New Member

Re: How to configure Centralized Administrator Authentication at

Hi Nilesh,

your solution works well, thanks. But how can i find this answer at the CCO??

143
Views
0
Helpful
3
Replies
CreatePlease login to create content