topic Thank you very much i woking in Network Access Control

WLC no Authentication AAA TACACS+ ACS 5.5

rnavarrete — Mon, 11 Mar 2019 07:28:19 GMT

hello everybody, I have a issues with authentication WLC with ACS 5.5 on ACS log:

but en WLC no authentication USERS with AD

AAA Authentication Success for UserName: User Type: UNKNOWN:0

I don´t have issues with authentication router,swtich and asa. but WLC version 8 if i have problem authenticacion with tacacs+ can you help me please.

Hi,

Gagandeep Singh — Sat, 18 Feb 2017 21:11:42 GMT

Hi,

WLC doesn't understand prIv level 15 like switch or router.

You need to create shell profile for role1=ALL without priv-15.

Attached screenshot for reference.

Regards

Gagan

PS: RATE IF IT HELPS!!!!

Hello

Rafael Mauricio Navarrete Echegoyen — Mon, 20 Feb 2017 14:29:23 GMT

Hello

Gagandeep Singh today create profile role1=ALL without priv-15. but with users de AD i can not access WLC

Attached screenshot

can you helpe me please

Please send the failed report

Gagandeep Singh — Mon, 20 Feb 2017 16:17:28 GMT

Please send the failed report from ACS. Are you trying to make it work with AD or internal users.

Regards

Gagan

Hello I trying with Users AD.

Rafael Mauricio Navarrete Echegoyen — Mon, 20 Feb 2017 17:07:19 GMT

Hello I trying with Users AD. log ACS authenticacion is successful but I dont access WLC.

user AD:rnavarrete

passAD:Password1234

en WLC show:

401 Unauthorized

thank you

Rafael Navarrete

I want failed authentication

Gagandeep Singh — Mon, 20 Feb 2017 17:16:38 GMT

I want failed authentication detailed report for your WLC access session.

Also send the screenshot from

Access policy > Device administration > authorization.

Need to check rule created...

Hello I send you screenshot.

Rafael Mauricio Navarrete Echegoyen — Mon, 20 Feb 2017 19:00:12 GMT

Hello I send you screenshot.

You haven't call WLCpermit

Gagandeep Singh — Mon, 20 Feb 2017 20:01:41 GMT

You haven't call WLCpermit shell profile in Authorization rule...

You need to call it then it will work.

Create new rule for WLC just not to impact other rules..

Regards

Gagan

PS: rate as correct if it helps!!!!

hello, I have a WLCpermit

Rafael Mauricio Navarrete Echegoyen — Mon, 20 Feb 2017 20:14:42 GMT

hello, I have a WLCpermit shell profile but I dont know how create the rule without to impact other rules.(create profile role1=ALL without priv-15. but with users de AD )

can watch de sreenshot

can you help me ?

Create one more authorization

Gagandeep Singh — Mon, 20 Feb 2017 20:19:20 GMT

Create one more authorization rule with one condition that could be Device IP : WLC IP and result would be WLC shell profile and command set for full access.

Make this rule at the top for just WLC access....

Regards

Gagan

Thank you very much i woking

Rafael Mauricio Navarrete Echegoyen — Mon, 20 Feb 2017 20:35:46 GMT

Thank you very much i woking access wlc one more quiestion if possible create other rule to access WLC as user read-only can you help me

regards

Rafael Navarrete

You can use role1=MONITOR

Gagandeep Singh — Mon, 20 Feb 2017 20:39:50 GMT

You can use role1=MONITOR

Rate as correct for helpful threads!!!!

Regards

Gagan

thank you very much. now

Rafael Mauricio Navarrete Echegoyen — Tue, 21 Feb 2017 14:19:29 GMT

thank you very much. now working WLC authentication with user READ WRITE AND READY ONLY.

best regards

Rafael Navarrete

Rate this thread as correct!!

Gagandeep Singh — Tue, 21 Feb 2017 16:19:14 GMT

Rate this thread as correct!!!!