
Light Weight Access Point and Tacacs authentication

Totardo Tobing
Level 1

Hello,

I need help here.

My access points have already joined the WLC. I want to configure them so everyone who wants to log on to the access point is authenticated using tacacs authentication. How can I do this? I already searched the Configuration guide but I can't find it, and I can't find a command to input the tacacs server in the lightweight access points.

Can you help me with how to configure a lightweight access point that has already joined the controller so everyone who wants to log in to it is authenticated using tacacs authentication?

Kind regards,


Stephen Rodriguez
Cisco Employee

First, TACACS is used for authentication of a management user accessing the WLC.  NOT for user authentication to the network.

Second, in a lightweight environment, you don't auth to the AP, but to the WLC.

So, you need to make sure that your ACS is configured for RADIUS authentication, for the users.  Define the server in the RADIUS section of the Security tab, then configure the WLAN for WPA/TKIP or WPA2/AES with 802.1x as the auth method.

Find the section "Configure the WLC for WPA" in the examples below:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#configs

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Thanks Steve for your response,

But what my boss needs is that each time we telnet to the access point (lightweight), we use a username and password that are listed in tacacs. Can we do that? Can we configure the access point to do that?

Warm regards.

ahh, ok.  No, you can't do that as the AP isn't aware of TACACS. 

Out of curiosity, why would you need/want to go to the AP?  For the most part you can pull any of the show commands from the CLI of the WLC, which is TACACS aware.

Steve

HTH,
Steve


You are right!! The lightweight access point is unaware of TACACS but the WLC is aware.

When I tried to type one of the tacacs-specific commands, "ip tacacs-server", at the access point's CLI, the command didn't appear. I kind of could not believe the LAP doesn't support TACACS. I tried to search in the config guide and then in here.

About the reason, I don't know. Maybe for better security, I think. Thank you.

Cheers,
