ā12-21-2020 01:42 PM
I followed the WLC section of the ISE Device Administration Prescriptive Deployment Guide here and authentication and authorization is working as expected. However when looking at the TACACS live logs in ISE for an authorization request I don't see the actual commands that a user has tried to execute (when logging into the WLC via CLI or GUI). Per the guide it doesn't seem like we need to specify a command set in the policy rules, just the shell profile. I have tried with a permitall command set as well but no luck,
Should we see the command that was executed on WLC's when using TACACS, just like for other devices (routers, switches, firewalls etc..)?
Here is a working one from a firewall, where we see the command a user executed:
Solved! Go to Solution.
ā12-22-2020 12:31 AM
hello
i had the same problem with wlc 3504, when i open the case in TAC they tell me this feature is not supported in this version , it is only supported in cisco wlc 9000
ā12-22-2020 12:31 AM
hello
i had the same problem with wlc 3504, when i open the case in TAC they tell me this feature is not supported in this version , it is only supported in cisco wlc 9000
ā12-22-2020 05:52 PM
Nadia Bbz is correct. AireOS WLC does not support command authorization whereas the Cisco Catalyst 9800 series WLC is running IOS-XE so has such support.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide