09-29-2019 09:06 AM - edited 02-21-2020 11:10 AM
Solved! Go to Solution.
09-29-2019 06:36 PM
Hi mate,
TACACS and RADIUS config on ISE and WLC are 2 separate things.
When traffic reach ISE, it will know if it is for TACACS or RADIUS and you can have separate conditions for them on the policy set.
So you don't have to worry about messing your existing RADIUS configuration.
On the ISE, when you click on WLC. there's part for RADIUS Authentication Settings and TACACS Authentication Settings.
Same as on the actual WLC config as well.
Cheers,
Raffy
Here are 2 good links that you can use as reference:
https://networkproguide.com/how-to-configure-cisco-wlc-tacacs-cisco-ise-2-4/
09-30-2019 08:25 AM
As Raffy said the configuration for RADIUS and TACACS are completely separated.
Policy->Policy Sets is the RADIUS side of ISE
Work Centers->Device Administration->Device Admin Policy Sets is the TACACS side
Also as a best practice you should part out your wireless policy sets into use cases based on SSID. You can use the RADIUS called station ID attribute sent by the WLC to tell what SSID the user is connecting to and write different policy sets based on that.
09-29-2019 06:36 PM
Hi mate,
TACACS and RADIUS config on ISE and WLC are 2 separate things.
When traffic reach ISE, it will know if it is for TACACS or RADIUS and you can have separate conditions for them on the policy set.
So you don't have to worry about messing your existing RADIUS configuration.
On the ISE, when you click on WLC. there's part for RADIUS Authentication Settings and TACACS Authentication Settings.
Same as on the actual WLC config as well.
Cheers,
Raffy
Here are 2 good links that you can use as reference:
https://networkproguide.com/how-to-configure-cisco-wlc-tacacs-cisco-ise-2-4/
09-30-2019 08:25 AM
As Raffy said the configuration for RADIUS and TACACS are completely separated.
Policy->Policy Sets is the RADIUS side of ISE
Work Centers->Device Administration->Device Admin Policy Sets is the TACACS side
Also as a best practice you should part out your wireless policy sets into use cases based on SSID. You can use the RADIUS called station ID attribute sent by the WLC to tell what SSID the user is connecting to and write different policy sets based on that.
10-01-2019 10:22 PM
10-01-2019 10:21 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide