12-19-2013 06:09 AM - edited 07-04-2021 01:27 AM
Hi,
I want to permit from a user profile with the telnet CLI command to configure the new MAC address on the dot11 association mac-list 700
I have create the user 14 with the followed commands:
enable secret level 14 5 **************
enable secret 5 **************
privilege configure level 14 access-list
privilege exec level 14 write memory
privilege exec level 14 write
privilege exec level 14 configure terminal
privilege exec level 14 configure
privilege exec level 14 show dot11 associations client
privilege exec level 14 show dot11 associations
privilege exec level 14 show dot11
privilege exec level 14 show access-lists
privilege exec level 14 show
Access from login privilege 14
1602AP16#show privile
Current privilege level is 14
1602AP16#show access-l
Bridge address access list 700
permit 100b.a965.7384 0000.0000.0000 (2 matches)
permit 0026.c659.b182 0000.0000.0000
permit 0019.d2c2.96c0 0000.0000.0000
OK
add the new MAC address
1602AP16(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
1602AP16(config)#access-list 700 permit 0026.c659.b182 0000.0000.0000
^
% Invalid input detected at '^' marker.
I can open the user level 14 config and when I add the new MAC address I received the " Invalid input detected " message
What is wrong ?
Is it only permit at level 15 ?
IOS version :
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Thank you to shared me yours comments !
Patrick
12-26-2013 12:37 PM
Hi Patrick,
Please use priviliage level 15 and then try.
Enter global configuration mode on the AP CLI:
This ACL allows the client 0026.c659.b182 to associate with the AP.
access-list 700 permit 0026.c659.b182 0000.0000.0000
!--- This ACL denies all traffic to and from
!--- the client with MAC address 0026.c659.b182.
dont forget to apply this MAC-based ACL to the radio interface:
dot11 association mac-list 700
Regards
12-30-2013 12:52 AM
12-30-2013 11:58 PM
Hi Patric,
Can u try this :
privilege configure level 14 access-list
and all other with priv 13.
privilege exec level 13 write memory
privilege exec level 13 write
privilege exec level 13 configure terminal
privilege exec level 13 configure
privilege exec level 13 show dot11 associations client
privilege exec level 13 show dot11 associations
privilege exec level 13 show dot11
privilege exec level 13 show access-lists
privilege exec level 13 show
and then try to configure it.
If still fails then u must use priv 15 .
Regards
12-31-2013 01:06 AM
Hi Sandee,
I tested with priviledge 6 or 13 and it is the same
!
username ose_admin privilege 13 password ******
enable password level 13 *******
privilege ipsnacl level 13 permit
privilege configure level 13 access-list
privilege exec level 13 write memory
privilege exec level 13 write
privilege exec level 13 configure terminal
privilege exec level 13 configure
privilege exec level 13 show dot11 associations client
privilege exec level 13 show dot11 associations
1602AP16(config)#access-list 700 permit a44e.3174.ed84 0000.0000.0000
^
% Invalid input detected at '^' marker.
The rest of commands are working :-(
Thank you !
And ***Happy New Year !! ***
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: