Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1836
Views
0
Helpful
4
Replies

CAPWAP AP RADIUS Authentication for Management Access

Pony Express
Level 1
Level 1

‎12-03-2019 09:43 PM

Hello!

 

I'd like to setup RADIUS Authentication for management session to CAPWAP (lightweitgh) AP itself. For example, I setup switches when establishing SSH-session to it RADIUS authenticates my user account.

That is,

- I have WLC-managed Access Point;

- I have RADIUS configured;

- I have my user account in RADIUS;

and I'd like to enter AP using my credentials stored in RADIUS.

 

For now I should rememeber LOCAL ACCOUNT for AP -> PER AP, this is inconvinient awfully. I've enabled SSH to all APS through Wireless -> Global Configuration.

 

Again, the speech is not about how to authenticate AP itself via RADIUS (MACs and so on). The question: How to enable AAA for login/enable as for other devices like switches or routers.

 

Regards,

Ellad

Labels:
0 Helpful
4 Replies 4

marce1000
Hall of Fame
Hall of Fame

‎12-04-2019 01:03 AM

 

 

 - I consider this requirement to be 'serious overkill' and doubt it is possible. The reason being that CAPWAP-based AP's are intended to be managed and configured from the controller (or Prime for instance).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Ben Walters
Level 4
Level 4

‎12-04-2019 10:41 AM

At this point it is not possible for RADIUS auth to the APs for SSH sessions. I agree it would be something nice to have, even though it may be "overkill" essentially every other piece of network hardware I manage uses RADIUS auth with my AD account and I still have to log in to an AP to look at things from time to time. 

 

You can set a global username/password which is what we do under Wireless > Access Points > Global Configuration. At least this way we only have to remember one username/password for all APs.  

0 Helpful

Pony Express
Level 1
Level 1
In response to Ben Walters

‎12-04-2019 09:11 PM

Ok, ok.. :-)

 

But, could you, please, tell me whye they still have SSH ENABLED if we control them COMPLETELY from WLC? Why do they might have independent local accounts enabled for the SSH connections to them?

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to Pony Express

‎12-05-2019 02:33 AM

 

 In order to disable SSH connections on your controller go to  Wireless > Access Points > Global Configuration. and unselect the SSH (and Telnet)  boxes.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card