Re: Any way to authorize lightweight AP without AAA??

rcullum · ‎05-01-2009

I just want to know if you can authorize a lightweight AP without AAA. Looks like you can create local list on WLC for APs that have SSC, but doesn't seem to work for APs with MIC, even though MIC option is in dropdown.

Leo Laohoo · ‎05-01-2009

You mean create a Net User?

rcullum · ‎05-05-2009

No, I mean authorize an AP without having to go to a AAA server.

gamccall · ‎05-05-2009

You have to check the box for "allow self-signed certificates" for MICs to work.

http://www.cisco.com/application/pdf/paws/70341/manual_add_ssc.pdf

Leo Laohoo · ‎05-05-2009

LAP's don't "do" AAA. IT's the WLC that does all the smarts. I don't understand what you are trying to do.

rcullum · ‎05-06-2009

You can authorize APs with AAA. Look at:

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html#wp1198207

You can authorize APs locally if APs have SSCs installed. When you add an AP into the authorization list, there's an option to select MIC or SSC. If you select SSC, local authorization works (without AAA). If you select MIC, local authorization doesn't appear to work.

I don't want any LWAPP AP to be able to join my network. Disabling DHCP options so new APs can't find controller is not an elegant solution to preventing this.

dennischolmes · ‎05-06-2009

rcullum is correct here. You could also do some creative stuff with a MAC ACL. The best way though is to do it with the SSC box. I would suggest disabling your dhcp options as this could cause major outages if the APs lost their local controller addresses.