Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
904
Views
0
Helpful
2
Replies

Problem with AP1200 Web admin authentication on Cisco Secure

zadmin
Community Member

‎03-20-2003 08:44 AM - edited ‎07-04-2021 08:35 AM

Hello,

I have defined a Radius Authentication for administrators logging on the AP1200 Web interface.

I can see a successfull authentication on the Cisco Secure and if I trace the packet coming back from the Cisco Secure, I can see a 'Radius Access Accept'.

Unfortunately the AP1200 does not interpretate this info correctly and the administrator still get a login window. No logs are present on the AP1200.

The versions are:

CiscoSecure ACS v2.6 for Windows 2000/NT

Release 2.6(3) Build 2

AP1200 version 12.02T (the last one non-IOS available)

In the 'Radius Access Accept' packet coming back from the Cisco Secure I can see an AV pairs equal to 255.255.255.255. I think this should be the IP address of the AP1200 instead ?

Thanks

Labels:
0 Helpful
2 Replies 2

ndoshi
Cisco Employee
Cisco Employee

‎03-20-2003 11:54 AM

Hi ,

Have you defined Cisco AV Pair for this users ?

Using RADIUS, You need to use cisco AV-Pair attribute for admin users with following syntex

aironet:admin-capability=write+ident+admin+firmware

Here is the procedure for the admin user you to define the Cisco AV pair Attributes .

a) On acs select the interface configuration and go to the advance option ,

selct "per-user Tacacs/ radius attribute " click on submit .

b)On ACS , Select network configuration ,

1) check if you have configuration >> Radio ( IOS /PIX available ) on the ACS

if not add NAS type Radius IOS/PIX , note that this needed for IOS / PIX attribute

2) After adding IOS/PIX device , select interface configuration >>Radius ( IOS / PIX )

Enable [026/009/001] "cisco av-pair" option , again make sure that you enable

at user and group level click on submit

3) Add a user ( User setup >> ADD/EDIT ) to restrict administrator access control

1) enable and configure cisco 09\001 cisco av-pair using

aironet:admin-capability=write+ident+admin+firmware

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm#1073082

0 Helpful

zadmin
Community Member

‎03-31-2003 05:17 AM

Thanks a lot, this solve my problem !

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card