03-16-2003 10:14 PM - edited 07-04-2021 08:34 AM
The latest firmware, 12.0T1 supports user authentication for administrating the 350 AP. I have set up to authenticate against an ACS 26 server. I see that I passed authentication in the ACS logs but I cannot get passed the login screen at the AP. Is there any documentation on setting this up? The 350 Bridge Software Configuration Guide does not have user auth at all. The on-line help lists it as an option but no details on using it.
thanks.
Solved! Go to Solution.
03-16-2003 11:36 PM
Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex
aironet:admin-capability=write+ident+admin+firmware
Here is the procedure for the admin user you to define the Cisco AV pair Attributes .
a) On acs select the interface configuration and go to the advance option ,
selct "per-user Tacacs/ radius attribute " click on submit .
b)On ACS , Select network configuration ,
1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS
if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute
2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )
Enable [026/009/001] "cisco av-pair" option , again make sure that you enable
at user and group level click on submit
3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control
1) enable and configure cisco 09\001 cisco av-pair using
aironet:admin-capability=write+ident+admin+firmware
03-16-2003 11:36 PM
Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex
aironet:admin-capability=write+ident+admin+firmware
Here is the procedure for the admin user you to define the Cisco AV pair Attributes .
a) On acs select the interface configuration and go to the advance option ,
selct "per-user Tacacs/ radius attribute " click on submit .
b)On ACS , Select network configuration ,
1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS
if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute
2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )
Enable [026/009/001] "cisco av-pair" option , again make sure that you enable
at user and group level click on submit
3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control
1) enable and configure cisco 09\001 cisco av-pair using
aironet:admin-capability=write+ident+admin+firmware
03-17-2003 08:31 AM
can I accomplish the same results by appling the change to the group rather than the user?
03-17-2003 08:38 AM
I applied it the group and this now works. If I pull out all the users out of the local user information table, will it impact my ability to use radius for authentication. I think the answer is no but want a second opinion before I remove the ID.
Thanks.
05-06-2003 06:54 PM
I could not add a new "NAS Radius (IOS/PIX)" for my AP, it says "An overlapping IP range has been detected". This is becuse this AP is also configured for "NAS Radius (Cisco Aironet)", it is for my PEAP authentication.
So how do I go about it authenticating my AP administrators?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide