
WLC / ACS Login

samir khoury
Level 1

Hello,

I am trying to figure out how to allow some users to log in to the WLC GUI with read access only, and also to have read-only access to the switches and router.

The ACS is version 5.2.0.26.8,

and the WLCs are 5508s running version 8.0.121.0.

Thanks

1 Reply

nspasov
Cisco Employee

Hello Samir-

For IOS devices (routers, switches, etc.) you can create a policy that can:

1. Provide the users with a privilege level (1-15)

2. Create a Command Set that allows or denies users the ability to execute specific commands. This is called command-level authorization, and you must use TACACS+, as RADIUS is not supported. That way, you can give users privilege level 15 but only allow them to run show commands.

For your WLC, you will need to create a separate policy that can be TACACS+ or RADIUS. The policy will have to return the following attribute:

role1=MONITOR

I hope this helps!

Thank you for rating helpful posts!
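
The device side of the IOS approach described in the reply above, as an added example that is not part of the original thread: the ACS command set is only consulted if the router or switch is told to send command authorization requests over TACACS+. The server address, key, object names and the fallback account are placeholders, and the `tacacs server` syntax assumes a recent IOS release (older releases use `tacacs-server host` instead).

```text
! Enable AAA and define the ACS server (192.0.2.10 is a documentation address)
aaa new-model
tacacs server ACS1
 address ipv4 192.0.2.10
 key <SHARED-SECRET-PLACEHOLDER>
!
aaa group server tacacs+ ACS-GROUP
 server name ACS1
!
! Local account used only when the ACS is unreachable
username fallback-admin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
!
! Authenticate logins against ACS, fall back to the local database
aaa authentication login default group ACS-GROUP local
!
! Let ACS assign the privilege level (1-15) at login
aaa authorization exec default group ACS-GROUP local
!
! Send every level-1 and level-15 command to ACS so the Command Set
! decides whether it runs. Without the "commands 15" line a user who
! is handed privilege 15 can run anything, whatever the Command Set says.
aaa authorization commands 1 default group ACS-GROUP local
aaa authorization commands 15 default group ACS-GROUP local
!
! Keep an audit trail of what the read-only users actually ran
aaa accounting commands 15 default start-stop group ACS-GROUP
```

Privilege 15 combined with a show-only command set is useful because some read-only commands, such as `show running-config`, are themselves level-15 commands. Test from a second session before closing the one used to apply the configuration, so a mistake in the method lists does not lock out management access.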