05-01-2009 07:53 AM - edited 07-03-2021 05:31 PM
I just want to know if you can authorize a lightweight AP without AAA. Looks like you can create local list on WLC for APs that have SSC, but doesn't seem to work for APs with MIC, even though MIC option is in dropdown.
05-01-2009 06:42 PM
You mean create a Net User?
05-05-2009 01:43 AM
No, I mean authorize an AP without having to go to a AAA server.
05-05-2009 08:46 AM
You have to check the box for "allow self-signed certificates" for MICs to work.
http://www.cisco.com/application/pdf/paws/70341/manual_add_ssc.pdf
05-05-2009 02:04 PM
LAP's don't "do" AAA. IT's the WLC that does all the smarts. I don't understand what you are trying to do.
05-06-2009 12:22 AM
You can authorize APs with AAA. Look at:
http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html#wp1198207
You can authorize APs locally if APs have SSCs installed. When you add an AP into the authorization list, there's an option to select MIC or SSC. If you select SSC, local authorization works (without AAA). If you select MIC, local authorization doesn't appear to work.
I don't want any LWAPP AP to be able to join my network. Disabling DHCP options so new APs can't find controller is not an elegant solution to preventing this.
05-06-2009 03:48 AM
rcullum is correct here. You could also do some creative stuff with a MAC ACL. The best way though is to do it with the SSC box. I would suggest disabling your dhcp options as this could cause major outages if the APs lost their local controller addresses.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide