cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
662
Views
8
Helpful
6
Replies

Any way to authorize lightweight AP without AAA??

rcullum
Level 1
Level 1

I just want to know if you can authorize a lightweight AP without AAA. Looks like you can create local list on WLC for APs that have SSC, but doesn't seem to work for APs with MIC, even though MIC option is in dropdown.

6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

You mean create a Net User?

No, I mean authorize an AP without having to go to a AAA server.

gamccall
Level 4
Level 4

You have to check the box for "allow self-signed certificates" for MICs to work.

http://www.cisco.com/application/pdf/paws/70341/manual_add_ssc.pdf

Leo Laohoo
Hall of Fame
Hall of Fame

LAP's don't "do" AAA. IT's the WLC that does all the smarts. I don't understand what you are trying to do.

You can authorize APs with AAA. Look at:

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html#wp1198207

You can authorize APs locally if APs have SSCs installed. When you add an AP into the authorization list, there's an option to select MIC or SSC. If you select SSC, local authorization works (without AAA). If you select MIC, local authorization doesn't appear to work.

I don't want any LWAPP AP to be able to join my network. Disabling DHCP options so new APs can't find controller is not an elegant solution to preventing this.

rcullum is correct here. You could also do some creative stuff with a MAC ACL. The best way though is to do it with the SSC box. I would suggest disabling your dhcp options as this could cause major outages if the APs lost their local controller addresses.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: