Cisco Support Community
Community Member

is 1200AP AAA server or client in ACS 3.1?

I would like to setup a 1200AP in ACS to authenticate users using LEAP. After reading some technical documentation and examples of configuring LEAP authentication I am confused as to whether the AP should be setup as a AAA server or a AAA client in ACS? I would assume a client as it is the only option for Radius(Aironet) but not sure. Could someone clarify please.

I have 12.00T installed on the AP and would also like to authenticate the administrative login to the AP using the ACS server. Is there a setting to enable this on the AP? I have the athentication server check box enabled for "User Authentication" and is still does not work. Any help appreciated.


Cisco Employee

Re: is 1200AP AAA server or client in ACS 3.1?

AP (IP address of the AP) in the ACS (AAA server) should be configured as "AAA client".

Here is the best url which has step-by-step config for the LEAP for AP and ACS too.

Cisco Employee

Re: is 1200AP AAA server or client in ACS 3.1?

For admin user authentication against ACS radius, you need to have following attribute in the cisco av-pair list


Once you have that as suthorization attribute, it will work.

Cisco Employee

Re: is 1200AP AAA server or client in ACS 3.1?

make sure you are running 12.0 on AP 350 .

For the admin user you need to define the Cisco AV pair Attributes .

Following procedure will help you

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,


check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level

click on submit

3) Add a user ( User setup >> ADD/EDIT )

to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair

2) example


Community Member

Re: is 1200AP AAA server or client in ACS 3.1?

It looks like I cannot have a Radius(Aironet) and Radius(IOS/PIX) AAA client for the same IP address. Is it possible to have RADIUS authentication for wireless clients as well as user authentication for Access Point management? If so what is the trick?

CreatePlease to create content