User Authentication

dladen
Level 1

The latest firmware, 12.0T1, supports user authentication for administrating the 350 AP. I have set it up to authenticate against an ACS 26 server. I see that I passed authentication in the ACS logs, but I cannot get past the login screen at the AP. Is there any documentation on setting this up? The 350 Bridge Software Configuration Guide does not have user auth at all. The on-line help lists it as an option but gives no details on using it.

thanks.

Accepted Solutions

ndoshi
Cisco Employee

Using RADIUS, you need to use the Cisco AV-pair attribute for admin users, with the following syntax:

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for you to define the Cisco AV-pair attributes for the admin user.

a) On ACS, select Interface Configuration and go to the advanced option, select "per-user TACACS/RADIUS attribute" and click Submit.

b) On ACS, select Network Configuration.

1) Check whether you have configuration >> RADIUS (IOS/PIX) available on the ACS. If not, add NAS type RADIUS IOS/PIX; note that this is needed for the IOS/PIX attribute.

2) After adding the IOS/PIX device, select Interface Configuration >> RADIUS (IOS/PIX). Enable the [026/009/001] "cisco av-pair" option; again, make sure that you enable it at user and group level, then click Submit.

3) Add a user (User Setup >> Add/Edit) to restrict administrator access control.

1) Enable and configure the cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm#1073082
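
Added example, not part of the original post or of Cisco's documentation: a Python sketch of how the [026/009/001] attribute is laid out on the wire (RADIUS Vendor-Specific attribute 26, vendor ID 9, vendor type 1) and how to check whether the attribute block of an Access-Accept carries the aironet:admin-capability pair. The function names and the sample attribute blocks are constructed for this example.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type (RFC 2865), the "026" in [026/009/001]
CISCO_VENDOR_ID = 9    # the "009"
CISCO_AVPAIR = 1       # the "001" (cisco-av-pair)
PREFIX = "aironet:admin-capability="

def encode_avpair(value: str) -> bytes:
    """Build one Vendor-Specific attribute carrying a cisco-av-pair string."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub

def iter_attributes(buf: bytes):
    """Yield (type, value) for each attribute in a RADIUS attribute block."""
    pos = 0
    while pos < len(buf):
        alen = buf[pos + 1] if pos + 1 < len(buf) else 0
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        yield buf[pos], buf[pos + 2:pos + alen]
        pos += alen

def admin_capabilities(attrs: bytes) -> set:
    """Return the capabilities granted by aironet:admin-capability av-pairs."""
    caps = set()
    for atype, value in iter_attributes(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            text = sub[2:vlen].decode("ascii", "replace")
            if vtype == CISCO_AVPAIR and text.startswith(PREFIX):
                caps.update(c for c in text[len(PREFIX):].split("+") if c)
            sub = sub[vlen:]
    return caps

# Constructed sample: attribute blocks of two Access-Accept replies.
USER_NAME = bytes([1, 7]) + b"admin"   # User-Name attribute (type 1)
ACCEPT_WITH_PAIR = USER_NAME + encode_avpair(PREFIX + "write+ident+admin+firmware")
ACCEPT_WITHOUT_PAIR = USER_NAME        # no av-pair present in the reply

if __name__ == "__main__":
    print(sorted(admin_capabilities(ACCEPT_WITH_PAIR)), admin_capabilities(ACCEPT_WITHOUT_PAIR))
```
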


Can I accomplish the same results by applying the change to the group rather than the user?

I applied it to the group and this now works. If I pull all the users out of the local user information table, will it impact my ability to use RADIUS for authentication? I think the answer is no, but I want a second opinion before I remove the ID.

Thanks.

I could not add a new "NAS Radius (IOS/PIX)" for my AP; it says "An overlapping IP range has been detected". This is because this AP is also configured for "NAS Radius (Cisco Aironet)", which is for my PEAP authentication.

So how do I go about authenticating my AP administrators?
