Re: Can't see where the Client/Endpoint AAA servers are configured?

andrew.butterworth · ‎09-06-2023

I have been looking at a network that is already deployed and working. There is a single DNA node and two ISE nodes to authenticate Wireless clients. The AAA for device access is an external TACACS+ service (not ISE).

In the Design/Network Settings under AAA Server, only the 'Network' box is ticked and two AAA TACACS servers are defined. This is for admin access to the various switches and the WLC that DNA is managing. The 'Client/Endpoint' box isn't checked. On the same page but under the 'Wireless' tab I can see some SSID's defined with the AAA settings configured, but different servers (RADIUS obviously) to the 'AAA Server' on the 1st 'Network' page. I can't see where these RADIUS servers get configured in DNA.

balaji.bandi · ‎09-06-2023

what WLC Model ? these information may be coming from WLC when you sync the device ? ( aim in guess) - until you show the screenshot where you looking ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

andrew.butterworth · ‎09-06-2023

Its a C9800 WLC. In the AAA settings for the SSID, the RADIUS servers appear in the drop-down list. The configuration on the C9800 WLC appears to be pushed from DNAC as the servers themselves are labelled 'dnac-radius_x.x.x.x' and the group is labelled 'dnac-rGrp-xxxxxxxx' where 'xxxxxxxxx' is the profile name. It really doesn't look like this was manually applied to the C9800 WLC.

andrew.butterworth · ‎09-08-2023

Found it.... System, Settings, External Services, Authentication and Policy Servers

balaji.bandi · ‎09-08-2023

Cheers all good and glad that you found it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help