cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1655
Views
0
Helpful
4
Replies

CAPWAP AP RADIUS Authentication for Management Access

Pony Express
Level 1
Level 1

Hello!

 

I'd like to setup RADIUS Authentication for management session to CAPWAP (lightweitgh) AP itself. For example, I setup switches when establishing SSH-session to it RADIUS authenticates my user account.

That is,

- I have WLC-managed Access Point;

- I have RADIUS configured;

- I have my user account in RADIUS;

and I'd like to enter AP using my credentials stored in RADIUS.

 

For now I should rememeber LOCAL ACCOUNT for AP -> PER AP, this is inconvinient awfully. I've enabled SSH to all APS through Wireless -> Global Configuration.

 

Again, the speech is not about how to authenticate AP itself via RADIUS (MACs and so on). The question: How to enable AAA for login/enable as for other devices like switches or routers.

 

Regards,

Ellad

4 Replies 4

marce1000
VIP
VIP

 

 

 - I consider this requirement to be 'serious overkill' and doubt it is possible. The reason being that CAPWAP-based AP's are intended to be managed and configured from the controller (or Prime for instance).

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Ben Walters
Level 3
Level 3

At this point it is not possible for RADIUS auth to the APs for SSH sessions. I agree it would be something nice to have, even though it may be "overkill" essentially every other piece of network hardware I manage uses RADIUS auth with my AD account and I still have to log in to an AP to look at things from time to time. 

 

You can set a global username/password which is what we do under Wireless > Access Points > Global Configuration. At least this way we only have to remember one username/password for all APs.  

Ok, ok.. :-)

 

But, could you, please, tell me whye they still have SSH ENABLED if we control them COMPLETELY from WLC? Why do they might have independent local accounts enabled for the SSH connections to them?

 

 In order to disable SSH connections on your controller go to  Wireless > Access Points > Global Configuration. and unselect the SSH (and Telnet)  boxes.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: