Dear Experts, I have two questions about Cat9800 WLCs TACACS+ admin access configuration.
1. Once 9800 is configured to do TACACS+ for its webUI admin access, no matter if logging with WLC local admin accounts or AD accounts, there are always two usernames, "copyrightbanneruser" and "webuiuser", attempting for Authorization. No logs shows these two usernames ever tried Authentication. Has anybody seen the this?
2. For TACACS+ admin access, based on my tests, it seems for the webUI TACACS+ admin access, Cat 9800 can only take one priv-lvl response from ISE, the value could be either =1 or =15. Unlike for its CLI admin access, it can take response with both "priv-lvl = 1" and "max_priv_lvl=15". Is there a way to configure the webUI to have the admin log in on webUI as priv 1 initially, then to be elevated to priv 15 if needed?
Thanks!
