
CAPWAP AP RADIUS Authentication for Management Access

Hello!

 

I'd like to set up RADIUS authentication for management sessions to the CAPWAP (lightweight) AP itself. For example, I set up switches so that, when an SSH session is established to one, RADIUS authenticates my user account.

That is,

- I have WLC-managed Access Point;

- I have RADIUS configured;

- I have my user account in RADIUS;

and I'd like to enter AP using my credentials stored in RADIUS.

 

For now I have to remember a LOCAL ACCOUNT for the AP -> PER AP; this is awfully inconvenient. I've enabled SSH to all APs through Wireless -> Global Configuration.

 

Again, this is not about how to authenticate the AP itself via RADIUS (MACs and so on). The question is: how do I enable AAA for login/enable, as on other devices like switches or routers?

 

Regards,

Ellad

4 REPLIES 4
VIP Advisor

 

 

I consider this requirement to be 'serious overkill' and doubt it is possible, the reason being that CAPWAP-based APs are intended to be managed and configured from the controller (or Prime, for instance).

 M.

Participant

At this point it is not possible for RADIUS auth to the APs for SSH sessions. I agree it would be something nice to have, even though it may be "overkill"; essentially every other piece of network hardware I manage uses RADIUS auth with my AD account, and I still have to log in to an AP to look at things from time to time.

You can set a global username/password, which is what we do, under Wireless > Access Points > Global Configuration. At least this way we only have to remember one username/password for all APs.


Ok, ok.. :-)

 

But could you please tell me why they still have SSH ENABLED if we control them COMPLETELY from the WLC? Why might they have independent local accounts enabled for SSH connections to them?


 

In order to disable SSH connections on your controller, go to Wireless > Access Points > Global Configuration and unselect the SSH (and Telnet) boxes.

 M.
