08-22-2004 04:31 AM - last edited on 07-04-2021 09:55 AM by cc_security_lab
Hello, I have more than 100 APs on my network.
I want to manage all the APs with one USER/PASS that is allowed on my ACS.
I tried to mark the "Authentication Server if not found in Local List" option on the Security page and to configure the RADIUS server on the Server Manager page, but I still can't get into the APs.
Note: in the ACS Pass log I see that the username was passed.
Can I get any ideas?
08-25-2004 03:30 AM
The web management page never seems to work for me, however the following commands should fix your issue:
aaa authentication login default local group radius
aaa authentication login eap_methods group radius
aaa authentication enable default group radius enable
aaa authorization exec default group radius none
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group radius
aaa accounting commands 1 default start-stop group radius
aaa accounting commands 15 default start-stop group radius
You'll have to enter this from IOS, but it should fix your issue.
One other thing to watch out for is the web management authentication, either:
ip http authentication aaa
or
ip http authentication local
08-25-2004 03:50 AM
10X
I fixed the problem by adding the parameter "Priv-lv1=15" on cisco-av-pair on ACS.
Aharon
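The thread's outcome (RADIUS authentication passing while management access still fails until a privilege level is returned) can be checked across many APs with a small audit script. This is an added example, not code from the posters or from Cisco: the function names and the sample config are constructed, and it assumes the AV pair arrives in the usual Cisco form `shell:priv-lvl=15` and that full management needs level 15.

```python
import re

# Constructed sample: AAA lines from the reply above, as one AP's running-config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local group radius
aaa authorization exec default group radius none
ip http authentication aaa
"""

# Settings the thread relies on (labels are hypothetical, patterns match the IOS lines).
REQUIRED = {
    "login via RADIUS": r"^aaa authentication login default\b.*\bgroup radius\b",
    "exec authorization via RADIUS": r"^aaa authorization exec default\b.*\bgroup radius\b",
    "web UI uses AAA": r"^ip http authentication aaa\b",
}

def audit_config(text):
    """Return the names of required AAA settings missing from a config."""
    return [name for name, pat in REQUIRED.items()
            if not re.search(pat, text, re.MULTILINE)]

def priv_level(av_pairs, default=1):
    """Privilege level carried in cisco-av-pair values, else the exec default of 1."""
    for pair in av_pairs:
        m = re.fullmatch(r"shell:priv-lvl=(\d+)", pair.strip(), re.IGNORECASE)
        if m and 0 <= int(m.group(1)) <= 15:
            return int(m.group(1))
    return default

def can_manage(config_text, av_pairs, needed=15):
    """True when the AP defers to RADIUS and the reply grants the needed level."""
    return not audit_config(config_text) and priv_level(av_pairs) >= needed

if __name__ == "__main__":
    print("missing settings:", audit_config(SAMPLE_CONFIG))
    print("no AV pair  ->", can_manage(SAMPLE_CONFIG, []))
    print("priv-lvl=15 ->", can_manage(SAMPLE_CONFIG, ["shell:priv-lvl=15"]))
```

An empty AV-pair list reproduces the original symptom: the ACS log shows a pass, but the session gets the default level and management access is refused.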