Question on WLC Auth

Vinayaka Raman
Level 1

For management, I have set up a Cisco WLC 5500 for local and TACACS authentication (no RADIUS). I see an option to configure the order of authentication. This makes both my TACACS and local accounts work.

As with Cisco IOS on routers and switches, is there an option on the WLC to configure authentication so that TACACS is used and the local account works only if TACACS fails?

aaa authentication login default group tacacs+ local

Regards Vinayak

Vivek Ganapathi
Level 4

Hello Vinayaka,

The doc below may help you.

https://supportforums.cisco.com/docs/DOC-14908

Thanks

Vivek

Thanks, Vivek, for the doc. But I have been looking for some information on how to achieve the following:

The WLC should be managed by the TACACS credentials only, and the local account should work whenever the TACACS service is not available, just like Cisco IOS routers, switches, etc.

Regards Vinayak

Got it. Do you have an ACS for TACACS auth? If you have an ACS, below are some steps to perform:

1) Create a TACACS authorization server on your WLC & make sure it's being used for authorization.

2) You can do the above by adjusting the priority; TACACS should be on top.

3) Make sure you create the user credentials on WCS & then save your settings. Creating the user is covered in point (6).

4) Create AAA client on your ACS with the IP of WLC, select TACACS+ (Cisco IOS)

5) On the interface of the ACS you need to configure TACACS+ service. Click on New Services --> create the service name as ciscowlc & protocol as common

6) Create the specific user & fill in the attributes for the TACACS+ service you created, "ciscowlc common". You will have a box to define the role. Set it to role1=ALL.

Hope this helps.

Thanks

Vivek

I will try and let you know. Thank you.

Sent from Cisco Technical Support iPad App

Regards Vinayak

Michael Baldoza
Level 1

Try this

Access the WLC via GUI

then go to Security Tab

then go to Priority Order on the left side of the screen

then go to Management User

then there's an option, which is simple to understand, if you want to set a priority of TACACS, RADIUS and local authentication
