cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
435
Views
8
Helpful
6
Replies
Highlighted
Beginner

Any way to authorize lightweight AP without AAA??

I just want to know if you can authorize a lightweight AP without AAA. Looks like you can create local list on WLC for APs that have SSC, but doesn't seem to work for APs with MIC, even though MIC option is in dropdown.

6 REPLIES 6
Highlighted
Hall of Fame Community Legend

You mean create a Net User?

Highlighted

No, I mean authorize an AP without having to go to a AAA server.

Highlighted
Enthusiast

You have to check the box for "allow self-signed certificates" for MICs to work.

http://www.cisco.com/application/pdf/paws/70341/manual_add_ssc.pdf

Highlighted
Hall of Fame Community Legend

LAP's don't "do" AAA. IT's the WLC that does all the smarts. I don't understand what you are trying to do.

Highlighted

You can authorize APs with AAA. Look at:

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html#wp1198207

You can authorize APs locally if APs have SSCs installed. When you add an AP into the authorization list, there's an option to select MIC or SSC. If you select SSC, local authorization works (without AAA). If you select MIC, local authorization doesn't appear to work.

I don't want any LWAPP AP to be able to join my network. Disabling DHCP options so new APs can't find controller is not an elegant solution to preventing this.

Highlighted

rcullum is correct here. You could also do some creative stuff with a MAC ACL. The best way though is to do it with the SSC box. I would suggest disabling your dhcp options as this could cause major outages if the APs lost their local controller addresses.

Content for Community-Ad