Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
0
Helpful
5
Replies

Question on WLC Auth

Vinayaka Raman
Level 1
Level 1

‎02-16-2012 01:21 AM - edited ‎03-04-2019 03:17 PM

For Mgmt, I have set up Cisco WLC 5500 for local and TACACS Authentication (No radius). I see an option to configure the order of authentication. This makes both my TACACS and local account to work.

Like Cisco IOS for routers and switch is there an option on WLC to configure the authentication as TACACS and local account should work only if TACACS fail.

aaa authentication login default group tacacs+ local

Regards Vinayak
Labels:
0 Helpful
5 Replies 5

Vivek Ganapathi
Level 4
Level 4

‎02-16-2012 03:43 AM

Hello Vinayaka,

Below doc may help you.

https://supportforums.cisco.com/docs/DOC-14908

Thanks

Vivek

0 Helpful

Vinayaka Raman
Level 1
Level 1
In response to Vivek Ganapathi

‎02-16-2012 04:33 AM

Thanks Vivek for the doc... But I have been looking for some information on how to achieve the following:

WLC should be managed by the TACACS credentials only and the local account should work whenever tacacs service is not available. Just like Cisco IOS router , switch etc..

Regards Vinayak
0 Helpful

Vivek Ganapathi
Level 4
Level 4
In response to Vinayaka Raman

‎02-16-2012 06:35 AM

Got it. Do you have a ACS for TACACS auth? . If you have ACS, below are some steps to perform

1) Create a TACACS authorization server on your WLC & make sure it's been used for authorization.

2)  You can do the above by adjusting the priority, TACACS should be on top.

3) Make sure you create the user credentials on WCS & then save your settings. Creating user is on point (6)

4) Create AAA client on your ACS with the IP of WLC, select TACACS+ (Cisco IOS)

5) On the interface of the ACS you need to configure TACACS+ service. Click on New Services --> create the service name as ciscowlc & protocol as common

6) Create the specific user & full in the attributes for the TACACS+ service you created "ciscowlc common". You will have a box to define the role. Set it to role1=ALL.

Hope this helps.

Thanks

Vivek

0 Helpful

Vinayaka Raman
Level 1
Level 1
In response to Vivek Ganapathi

‎05-19-2012 04:40 AM

I will try and let you know..thank you

Sent from Cisco Technical Support iPad App

Regards Vinayak
0 Helpful

Michael Baldoza
Level 1
Level 1

‎09-22-2012 07:12 PM

Try this

Access the WLC via GUI

then go to Security Tab

then go to Priority Order on the left side of the screen

then go to Management User

then there's an option and simple to understand if you want to have a priority of tacacs, radius and local authentication

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card