cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2240
Views
0
Helpful
5
Replies

WLC Admin Profiles

Florin Barhala
Level 6
Level 6

Hi guys,

 

I need to handle WLC credentials to several locations so that local IT can add local MAC addresses. We are using on global SSID with MAC Filtering on multiple sites.

Except giving read-write accounts to each, is there a way for more granular permissions to WLC. I need them something like read-only for Monitoring Clients and also add MACs to the Security tab. I need some way of creating Admin Profiles.

1 Accepted Solution

Accepted Solutions

You would need to have a TACACS server. There isn't a way to do that with just a WLC.
-Scott
*** Please rate helpful posts ***

View solution in original post

5 Replies 5

Sandeep Choudhary
VIP Alumni
VIP Alumni

Hi,

If I understood your question that you want to give read only access to local IT guys at respective plant.

you can push the template via WCS or Prime infra.

 

or you can do manually on each wlc and assign the READ ONLY permission:

here is the way to configure:

http://www.my80211.com/cisco-wlc-cli-commands/2010/1/27/wlc-configure-administrator-user-names-and-passwords-in-cli.html

 

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_controller_setting.html#99506

 

Regards

Dont forget to rate helpful posts

It's not that at all.

I can give access to local-IT to see the entire configuration, but I need them to be able to ADD MAC addresses to the Security tab on the WLC. So what role can I give them except read-write?

I am not happy giving the read-write role as they could mess up my entire WLC config. What is the best practice for this type of scenario?

Scott Fella
Hall of Fame
Hall of Fame

There isn't really a way you can allow them to just do one thing and also monitor.  The use of TACACS can allow the user to only see one of the WLC GUI tabs, but then they can make changed to that tab, in your case, the Security tab. 

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/91631-uwn-tacacs-config.html

-Scott
*** Please rate helpful posts ***

Hi Scott,

Let's then forget about viewing the entire configuration.

How can I give local-IT access to only add/change/delete MAC addresses section or if not give them access to the Security TAB only?

You would need to have a TACACS server. There isn't a way to do that with just a WLC.
-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card