5-3
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter5 Administrating the Access Point
Preventing Unauthorized Access to Your Access Point
Preventing Unauthorized Access to Your Access Point
You can prevent unauthorized users from reconfiguring the wireless device and viewing configuration
information. Typically, you want network administrators to have access to the wireless device while you
restrict access to users who connect through a terminal or workstation from within the local network.
To prevent unauthorized access to the wireless device, you should configure one of these security
features:
Username and password pairs, which are locally stored on the wireless device. These pairs
authenticate each user before that user can access the wireless device. You can also assign a specific
privilege level (read only or read/write) to each username and password pair. For more information,
see the “Configuring Username and Password Pairs” section on page5-7. The default username is
Cisco, and the default password is Cisco. Usernames and passwords are case-sensitive.
Note Characters TAB, ?, $, +, and [ are invalid characters for passwords.
Username and password pairs stored centrally in a database on a RADIUS or TACACS+ security
server. For more information, see the “Controlling Access Point Access with RADIUS” section on
page 5-12 and the “Controlling Access Point Access with TACACS+” section on page5-17.
Protecting Access to Privileged EXEC Commands
A simple way of providing terminal access control in your network is to use passwords and assign
privilege levels. Password protection restricts access to a network or network device. Privilege levels
define what commands users can issue after they have logged into a network device.
Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS
Security Command Reference for Release 12.3.
This section describes how to control access to the configuration file and privileged EXEC commands.
It contains this configuration information:
Default Password and Privilege Level Configuration, page5-4
Setting or Changing a Static Enable Password, page5-4
Protecting Enable and Enable Secret Passwords with Encryption, page5-6
Configuring Username and Password Pairs, page5-7
Configuring Multiple Privilege Levels, page5-8