
Configure AAA on WLC with ISE Radius

DAVID
Level 3

I have added a WLC to ISE as a NAD device and configured ISE to only allow admin access to the WLC based on AD group, but what is interesting is that even if I mistype my AD password I can still access the WLC. If I mistype my username but use the correct password, it denies me access to the WLC, which is what I would expect, but it allows me access to the WLC with the correct username and a wrong password.

 

WLC running 8.3.133

ISE 2.2.0.470 patch 4,5

 

What gives?

3 Replies

Ben Walters
Level 3

What do your authentication and authorization rules look like for the WLC admin access?

 

It sounds like you might only be checking for username and allowing access based only on that.

Would that be in the authentication policy under conditions?

johnd2310
Level 8

Hi,

Check the authentication logs to see why the authentication is successful. Your configuration on ISE might be missing something. The following doc should guide you in configuring authentication for WLC:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/91631-uwn-tacacs-config.html

 

Thanks

John

**Please rate posts you find helpful**