cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7122
Views
5
Helpful
12
Replies

Change AP config for SSH/Telnet from AP Specific to Global Config

jcosgrove
Level 1
Level 1

I may be missing this but some how all the AP's on one of my controllers are set to "AP Specific" rather then "Global Config" for the telnet and ssh access for the AP's on the Advanced tab.

 

Is there a way to "bulk" change this config to "Global Config" so I can control this access under the Global Configuration section of the controller?

I have Prime and there does not seem to be an area in a Lightweight Configuration area to set this on the AP's.

 

The only way I see this is to go to each AP via the GUI or CLI and make the change.

 

Thanks for any advice.

 

1 Accepted Solution

Accepted Solutions

Hi,

 

Option I:

 

Run the command config ap ssH default <AP Name> and config ap telnet default <AP Name> on CLI of the WLC. Post that APs will change the mode from AP Specific to Global Configuration. Then whatever configuration you are pushing via global configuration for AP SSH or telnet it will accept that.

 

Option II:

 

  • On Prime Go to Configuration --> Templates --> Lightweight Access Points and create a template for SSH and Telnet Disable as per the snap.
  • Then push the policy by going to AP Selection and select the APs whatever you want to disable the , then deploy right now or schedule a Task.
  • Post deploying this APs SSH and Telnet will get disabled but it won't change to global configuration.

Prime.jpg

 

Let me check in deep and tell you if any option to change it to Global Configuration from AP Specific via Prime.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

View solution in original post

12 Replies 12

Go to Wireless --> Global Configuration --> Global Telnet SSH, PFB snap for reference.

 

SSH2.jpg

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Those checks will enable and disable SSH and Telnet on AP's that are set to use Global Config.  Ap's that are set to "AP Specific" do not respond this this setting.  I am trying to bulk change all of the AP's to Global Config.  I think I will need to change each individual AP to get this done.

 

 

When you push global policy from the settings mention ,If the AP specific is enable. Then it will change to global configuration. I have tired and got the successful result. You don’t need to do on each and every AP.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Not here.  Running 8.2.170.0 but looking to upgrade soon.  Need to do the flash check on the AP's so I don't get any stranded during the upgrade.  

I currently have the check boxes checked under "Global Configuration" but the AP's stay this way.  I even tried to SSH and changing the global check does not change the ability of the AP to allow SSH connections.  This AP is set to overide the global policy so you can work on 1 AP while the others do not allow SSH.  With there was a global way to change them to global.  Will need to go thru and do them one at a time unless I write a script.  Just not sure how they got this way.?

AP Specific.png

three methods I could see here:

1. Go to each AP and make the change via CLI or GUI - not practice

2. Create a script to do this for you

3. Utilize Prime to push a lightweight AP template to make the changes

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

Hi,

 

Option I:

 

Run the command config ap ssH default <AP Name> and config ap telnet default <AP Name> on CLI of the WLC. Post that APs will change the mode from AP Specific to Global Configuration. Then whatever configuration you are pushing via global configuration for AP SSH or telnet it will accept that.

 

Option II:

 

  • On Prime Go to Configuration --> Templates --> Lightweight Access Points and create a template for SSH and Telnet Disable as per the snap.
  • Then push the policy by going to AP Selection and select the APs whatever you want to disable the , then deploy right now or schedule a Task.
  • Post deploying this APs SSH and Telnet will get disabled but it won't change to global configuration.

Prime.jpg

 

Let me check in deep and tell you if any option to change it to Global Configuration from AP Specific via Prime.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

It seems the AP Specific vs. Global Config is a config specific to each AP and does not seem to be a way to push this change to all the AP's via the default prime configs.  I am running Prime version 8.2 so I am not sure if this has changed in newer versions of Prime.

Yes, You can't modify the AP Specific to Global Configuration and vice versa via Cisco Prime template.

 

Its better to go with Option I on my previous response.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

That is what I was trying to avoid.  Needs to be some template push in Prime but there is not.  I am puzzled on how these devices ended up this way at all.

 

Thanks everyone for your input.

 

JC

Should be possible, just had a look at my Prime 3.5.
Go to Configuration - Lightweight Access Points - new Template.
Now under AP Parameters - General you should select the "SSH Access" and "Telnet Access" option, while not selecting the "Enabled" box.
That way it should push a disabled option to the APs. With some luck this will put it back to global.

By doing this its disabling/enabling the ssh or telnet access. But no options available in prime to modify from ap specific to global configuration. :(

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

If I do that directly on the WLC (disabling SSH), it will be automatically set to "Global Controlled". Did you check this?

What AP type do you have?
The older models (up to 2700, 1700, ...) series supported this command on the cli:
debug capwap console cli
Can you do that and then send me a show runn? Maybe I can see something there, which would allow a custom configuration script.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: