cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr

Ask Me Anything – How to Enable Network Connectivity to Remote Workers
361
Views
5
Helpful
4
Replies
Highlighted
Beginner

C9800 HTTP authorization with AAA

Hi,

I wonder if the community can advice on the problem below.

I'm configuring a stack of C9800 16.12.1

And I want to configure HTTP authorization via AAA.

First it should ask Radius, then go Local.

The Radius is not available now, but the WLC refuses to log in under local account.

I'm connecting on SP IP.

 

The configuration:

aaa group server radius RADIUS_SRV
server name RADIUS_1
server name RADIUS_2

!

username cisco privilege 15 password cisco

!

aaa new-model

aaa authentication login Local_Access group RADIUS_SRV local

!

radius server RADIUS_1
address ipv4 172.22.1.1 auth-port 1812 acct-port 1813
timeout 5
key smth
!
radius server RADIUS_2
address ipv4 172.22.1.2 auth-port 1812 acct-port 1813
timeout 5
key smth

i

ip http authentication aaa login-authentication Local_Access

 

Thank you in advance.

 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Participant

Re: C9800 HTTP authorization with AAA

Did you follow this document below for setting up the WLC?

 

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html 

 

 

 

<<< Pls remember to rate all useful responses >>>

View solution in original post

4 REPLIES 4
Highlighted
Participant

Re: C9800 HTTP authorization with AAA

Did you follow this document below for setting up the WLC?

 

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html 

 

 

 

<<< Pls remember to rate all useful responses >>>

View solution in original post

Highlighted
Beginner

Re: C9800 HTTP authorization with AAA

Thank you, Jurgens.


I've missed that doco.
It works now.

The working configuration below:
aaa group server radius RADIUS_SRV
server name RADIUS_1
server name RADIUS_2
!
username cisco privilege 15 password cisco
enable secret cisco
!
aaa new-model
!
aaa authentication login Local_Access group RADIUS_SRV local
aaa authorization exec Local_Access group RADIUS_SRV local if-authenticated
!
!
radius server RADIUS_1
address ipv4 172.22.1.1 auth-port 1812 acct-port 1813
timeout 5
key smth
!
radius server RADIUS_2
address ipv4 172.22.1.2 auth-port 1812 acct-port 1813
timeout 5
key smth
!
ip http authentication aaa login-authentication Local_Access
ip http authentication aaa exec-authorization Local_Access
!

Highlighted
Participant

Re: C9800 HTTP authorization with AAA

Glad you came right, and thanks for sharing the working config!
Highlighted
Hall of Fame Master

Re: C9800 HTTP authorization with AAA

If you change the auth to local then radius, can you login with local credentials?
-Scott
*** Please rate helpful posts ***
CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey