
Catalyst APs: SSH and login with RADIUS (instead of local admin user)?

coolbreeze
Level 1

Scenario: a Catalyst 9800 controller and Catalyst series APs. In the controller, there is a custom AP join profile.

Historically (on an AireOS 5508 controller, for example), to SSH to an AP the login credentials were configured either in a global AP profile or per AP as needed from the controller, but the only option was local administrator user configuration, e.g. username "company-admin" with password and enable secret.

In the Catalyst 9800 controller AP profile, there is the same area for AP management with user, with a local admin username we configured (see first screenshot).

QUESTIONS: Is there a way to SSH into the APs with RADIUS admin credentials instead of local only?
And/or can someone demystify what this "Management -> Credentials -> Dot1X Credentials" spot does (see second screenshot)? I haven't been able to find literature with the information I am looking for to answer these questions.

Thanks!


2 Accepted Solutions


Mark Elsen
Hall of Fame

 

@coolbreeze Ref: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217848-configure-802-1x-supplicant-for-access-p.html

The 'dot1x username' only applies when configuring a Cisco Access Point (AP) as an 802.1X supplicant to be authorized on a switchport against a RADIUS server.

You cannot use RADIUS for the local SSH and Telnet credentials.

M.

-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Rainer Maria Rilke (1899)


1- You cannot use an AAA server to authc access to the AP
2- dot1x is a way to authc the AP to the WLC

MHM



coolbreeze
Level 1

Thanks @Mark Elsen and @MHM Cisco World, that was what I was looking for!

Solution marked and helpful posts voted. Thanks again.
