03-18-2022 11:32 AM
Hello, I'm wondering if there is a way to configure a specific SSID to be managed by a non admin user group without providing admin access to the entire WLC. I didn't see anything specific in the WLC GUI that would allow this and have tried to see if it's possible thru the CLI but no luck yet.
Also curious if it would be possible using something like ISE to provide the admin access to a specific SSID.
Thanks,
03-18-2022 12:13 PM
Not sure what you are asking. You want a user to access the wlc web interface and be able to change the configuration in one SSID only? I dont see how. For example, you can determine which command an user can run based on the TACACS privileges on the device but the SSID is a parameter on the command, not a command.
03-18-2022 12:47 PM
In AireOS you can give 3 level of access.
1. Read only
2. Read and write
3 lobby admin
So what you are requesting is not possible, you will not be able to limit a certain user group from configuration and management of one single SSID. Closest you can have is lobby admin account, where you can give certain group of users access to approve and add users to a certain SSID. If you are using ISE with CWA the same lobby admin scenario can be replicated with much granular level of access.
03-18-2022 01:00 PM
Thank you I saw that in the config guide as well. I do need to look into ISE more but it does seem that though they can add users this request was to allow them to change the PSK if required for the SSID and other potential parameters. I've never seen this done before either but it was a request we received so had to see if it was possible.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide