
WLC no Authentication AAA TACACS+ ACS 5.5

rnavarrete
Level 1

Hello everybody, I have an issue with WLC authentication with ACS 5.5. On the ACS log:

but on the WLC there is no authentication of users with AD

AAA Authentication Success for UserName: User Type: UNKNOWN:0

I don't have issues with authentication on routers, switches and ASA, but on WLC version 8 I do have a problem with TACACS+ authentication. Can you help me, please?


Gagandeep Singh
Cisco Employee

Hi,

The WLC doesn't understand priv level 15 like a switch or router.

You need to create a shell profile for role1=ALL without priv-15.

Attached screenshot for reference.

Regards

Gagan

PS: RATE IF IT HELPS!!!!

Please send the failed report from ACS. Are you trying to make it work with AD or internal users?

Regards

Gagan

Hello, I am trying with AD users. The ACS log shows the authentication is successful, but I don't get access to the WLC.

user AD:rnavarrete

passAD:Password1234

The WLC shows:

401 Unauthorized

thank you

Rafael Navarrete

I want the detailed failed-authentication report for your WLC access session.

Also send the screenshot from

Access policy > Device administration > authorization.

Need to check the rule created...

Hello, I am sending you the screenshot.

You haven't called the WLCpermit shell profile in the authorization rule...

You need to call it, then it will work.

Create a new rule for the WLC, just so as not to impact other rules.

Regards

Gagan

PS: rate as correct if it helps!!!!

Hello, I have a WLCpermit shell profile but I don't know how to create the rule without impacting other rules (create profile role1=ALL without priv-15, but with AD users).

You can look at the screenshot.

Can you help me?

Create one more authorization rule with one condition, which could be Device IP: WLC IP, and the result would be the WLC shell profile and a command set for full access.

Make this rule at the top, just for WLC access...

Regards

Gagan

Thank you very much, access to the WLC is working. One more question: is it possible to create another rule to access the WLC as a read-only user? Can you help me?

regards

Rafael Navarrete

You can use role1=MONITOR

Rate as correct for helpful threads!!!!

Regards

Gagan

Thank you very much. WLC authentication is now working with READ WRITE and READ ONLY users.

best regards

Rafael Navarrete

Rate this thread as correct!!!!