05-23-2012 04:07 AM - edited 07-03-2021 10:12 PM
Dear friends,
We are currently using several APs in our organization. On one of these APs I want to give a user the power to change the password of the wireless network to prevent misuse. I was wondering if it is possible to create an account that only has the privilege to change the WPA key? I want to prevent him from accidentally changing other settings.
Thnx.
gr,
W.
05-23-2012 05:02 PM
Nope. Not possible.
05-23-2012 07:37 PM
You could configure a different privilege level for this user and only allow him certain commands. See attached
http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/admin_ap.html#wp1057156
Sent from Cisco Technical Support iPad App
05-23-2012 09:29 PM
You could configure a different privilege level for this user and only allow him certain commands.
True but to be allowed to only change ONE THING? I don't think it'll work.
Just thought of an idea: Why don't you create a script? The script allows the user to enter only ONE value (the new password) and the script goes and telnets/SSHes into the WAP, changes the password, exits and saves the config.
05-24-2012 05:10 AM
Sorry, leolaohoo, you're completely wrong on this. Please read the document that George linked. You have complete control over which commands are assigned to which privilege level, and if you want to make a privilege level that can only change the encryption you can absolutely do that.
The other way to do this would be with TACACS+ Authorization, and define a specific allowed command list for that user on your ACS server. This also gives you complete granular control down to the individual command.
I prefer to use the AAA route, but if you're on a small site with no ACS server then custom privilege levels are definitely a working option.
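The script idea and the per-command allow-list described in the replies above can be combined; the following is an added example, not code from any poster or from Cisco. It assumes an autonomous IOS AP where the key is set with `wpa-psk ascii` under `dot11 ssid`; the function names and the SSID are hypothetical, and the session that would send the commands is left out.

```python
import re

# WPA/WPA2-PSK passphrases are 8-63 printable ASCII characters. Space and '?'
# are excluded as an extra precaution of this example: '?' triggers IOS
# context help and spaces complicate CLI parsing.
PSK = r"[\x21-\x3e\x40-\x7e]{8,63}"
SSID = r"[A-Za-z0-9_-]{1,32}"  # conservative SSID alphabet (assumption)

# Allow-list mirroring what a restricted privilege level or a TACACS+
# command set would permit for this one task. Assumed IOS command names.
ALLOWED = [re.compile(p) for p in (
    r"configure terminal",
    r"dot11 ssid " + SSID,
    r"wpa-psk ascii " + PSK,
    r"end",
    r"write memory",
)]


def is_permitted(command):
    """True only if the whole line matches one allow-list entry."""
    return any(p.fullmatch(command) for p in ALLOWED)


def build_psk_change(ssid, new_psk):
    """Return the fixed command sequence for a key change, or raise ValueError.

    The only user-controlled values are validated with fullmatch, so a
    newline or control character cannot smuggle in a second command.
    """
    if not re.fullmatch(SSID, ssid):
        raise ValueError("SSID contains characters outside the allowed set")
    if not re.fullmatch(PSK, new_psk):
        raise ValueError("key must be 8-63 printable ASCII chars, no space or '?'")
    commands = [
        "configure terminal",
        "dot11 ssid " + ssid,
        "wpa-psk ascii " + new_psk,
        "end",
        "write memory",
    ]
    # Defence in depth: re-check every generated line against the allow-list.
    denied = [c for c in commands if not is_permitted(c)]
    if denied:
        raise ValueError("generated command not on allow-list")
    return commands


if __name__ == "__main__":
    # Constructed sample values.
    for line in build_psk_change("Office-WLAN", "N3w-Passphrase!"):
        print(line)
```

The account the script logs in with should itself be limited to these commands on the AP or the AAA server, so the allow-list in the script is a second check and not the only one.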
05-24-2012 03:13 PM
Sorry, leolaohoo, you're completely wrong on this.
Fair enough.