Solved: Re: How to access ssh on Cisco Business CBW150AX ?

EasyZone · ‎04-26-2024

Dear all

I have a new cbw150ax-s unk access point.
I have set a captive portal and test AAA authen with external radius.
All work fine but there is no accounting send to my radius server.
So I need to access ssh to use terminal and enable radius accounting.
I enable SSHv2 on then I ssh to AP ip address.

I got error :

easyzone@easyzone-IdeaPad-5-15ITL05:~$ ssh 192.168.88.251 -l ssh
ssh@192.168.88.251: Permission denied (publickey,keyboard-interactive).

It seems cbw150ax needs a publickey instead of use normal username and password.

But there is no option in web management to generate a ssh public key.

I saw a serial port

But which cable I can connect to this port.

Please advice me.

Thank you in advance

Chuan chudabut
https://www.cloud-hotspot.com

marce1000 · ‎04-29-2024

- No , it's just means that SSH on the device is not available for customer use ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

EasyZone · ‎07-15-2024

I have found how to enable radius accounting for captive portal without access ssh.

Method is below

1. Go to Advanced > Primary AP Tools > Configuration Management

2. Download config.txt from this menu
3. edit config.txt (before edit the file you need to set a captive portal and test AAA authen with external radius first).

Find lines

config wlan radius_server acct interim-update disable 3600
config wlan radius_server acct disable 5

change them to

config wlan radius_server acct interim-update enable 3600
config wlan radius_server acct enable 5

4. save and upload config.txt to ap with the same menu.
5. wait for ap reboot them check it.

View solution in original post

marce1000 · ‎04-26-2024

- Could you hoover or press on the little blue question mark mark near sshv2 access ; you may get more info's as to how setup SSH ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎04-29-2024

Thank you so much for your reply and I sorry for my late reply.

The picture below is message info on little blue question mark.
It is a message. It provides nothing about how to setup.
Please advice me ....

marce1000 · ‎04-29-2024

>...It provides nothing about how to setup.
It does : SSH is for Engineering debug only ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎04-29-2024

This message means normal user can not access on ssh because we don't have a public key and there is no option to create a public key for ssh.
Is it right?

marce1000 · ‎04-29-2024

- No , it's just means that SSH on the device is not available for customer use ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎04-30-2024

Thank you so much.
So I need to looking for a console serial connection port.

marce1000 · ‎04-30-2024

- Ref : https://www.cisco.com/c/en/us/support/docs/smb/wireless/CBW-AX/kmgmt3378-get-to-know-150ax-151axm.html
>.. Console Port (For Tech Support Only)

Seems like a dead lock...

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎04-30-2024

My goal is to enable radius accouting for captive portal.

I wonder why EAP 802.1x authentication with external radius. a radius accouting function is enable by default.
But captive portal with external radius, a radius accouting function is not enable by default.

I try to enable it.
Do I need to submit on CBW feature request?

marce1000 · ‎04-30-2024

- Note sure if it can be done with captive portal , check this document :
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/csbap/CBW_WiFi_6/Admin_Guide/b_cisco_business_wifi_6_admin_guide/m_4_wireless_settings.html

Look for Radius Accounting with Find in the browser ,

M,

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎05-01-2024

Thank you.

But there is no radius accounting from captive portal sends to my radius server.

marce1000 · ‎05-01-2024

- To me it looks more that you will have to use higher end models and or APs out of the Small Business oriented market(s) ;
you may also ask Cisco through https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

EasyZone · ‎07-15-2024

I have found how to enable radius accounting for captive portal without access ssh.

Method is below

1. Go to Advanced > Primary AP Tools > Configuration Management

2. Download config.txt from this menu
3. edit config.txt (before edit the file you need to set a captive portal and test AAA authen with external radius first).

Find lines

config wlan radius_server acct interim-update disable 3600
config wlan radius_server acct disable 5

change them to

config wlan radius_server acct interim-update enable 3600
config wlan radius_server acct enable 5

4. save and upload config.txt to ap with the same menu.
5. wait for ap reboot them check it.