01-11-2018 12:22 PM - edited 02-21-2020 10:43 AM
I have added a WLC to ISE as a NAD device and configured ISE to only allow admin access to the WLC based on AD group but what is interesting is that even if I mistype my AD password I can still access the WLC. If I mistype my username but use correct password it denies me access to WLC which is what I would expect but allows me access to the WLC with correct username and wrong password.
WLC running 8.3.133
ISE 2.2.0.470 patch 4,5
What gives?
01-11-2018 12:33 PM
What do your authentication and authorization rules look like for the WLC admin access?
It sounds like you might only be checking for username and allowing access based only on that.
01-11-2018 01:21 PM
Would that be in the authentication policy under conditions?
01-11-2018 03:16 PM
Hi,
Check the authentication logs to see why the authentication is successful. You configuration on ISE might be missing something.The following doc should guide you in configuring authentication for WLC:
Thanks
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide