Solved: ISE TACACS with WLC - ISE doesn't show command that was executed

Madura Malwatte · ‎12-21-2020

I followed the WLC section of the ISE Device Administration Prescriptive Deployment Guide here and authentication and authorization is working as expected. However when looking at the TACACS live logs in ISE for an authorization request I don't see the actual commands that a user has tried to execute (when logging into the WLC via CLI or GUI). Per the guide it doesn't seem like we need to specify a command set in the policy rules, just the shell profile. I have tried with a permitall command set as well but no luck,

Should we see the command that was executed on WLC's when using TACACS, just like for other devices (routers, switches, firewalls etc..)?

Here is a working one from a firewall, where we see the command a user executed:

Nadia Bbz · ‎12-22-2020

hello

i had the same problem with wlc 3504, when i open the case in TAC they tell me this feature is not supported in this version , it is only supported in cisco wlc 9000

View solution in original post

Nadia Bbz · ‎12-22-2020

hello

i had the same problem with wlc 3504, when i open the case in TAC they tell me this feature is not supported in this version , it is only supported in cisco wlc 9000

hslai · ‎12-22-2020

Nadia Bbz is correct. AireOS WLC does not support command authorization whereas the Cisco Catalyst 9800 series WLC is running IOS-XE so has such support.