Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
176
Views
0
Helpful
2
Replies

Give permission to configure AP without the possibility to disable HA

steiostb1
Level 1
Level 1

‎02-07-2025 02:38 AM

Since configuration is done through Catalyst Center, is there a way to limit access for a user to just configure an AP  and not be able to configure the WLC in ways that can take down the hole wireless network? 
 
To give a user access to configure an access point you have to turn on these permissions in the role based access control:
  • network provision - provision (write)
  • network provision - inventory management - network device (read)
  • utilization - scheduler (write)
 
With these permissions the user also have permission to disable HA on the WLC, which will bring down the hole wireless network.
 
Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎02-07-2025 04:15 AM - edited ‎02-07-2025 04:16 AM

@steiostb1 

Not sure If possible that level of granularity but I believe you need to work on the tacacs server and DNAC integration. If you are given to user Full access to DNAC I dont believe you can limit the access from there. 

0 Helpful

steiostb1
Level 1
Level 1
In response to Flavio Miranda

‎03-07-2025 04:44 AM

The tacas/radius-server will send back the 'Role=" av-pair which matches what have been created in Catalyst Center. I take it that Catalyst Center dont allow a user to just do small changes on the network (like changing name of the AP), wihout giving permission potensially bring down the hole network.

Really hope this is a features that will come soon!

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card