C9800 HTTP authorization with AAA

Fairytale16
Level 1

Hi,

I wonder if the community can advise on the problem below.

I'm configuring a stack of C9800 16.12.1

And I want to configure HTTP authorization via AAA.

First it should ask Radius, then go Local.

The Radius is not available now, but the WLC refuses to log in under local account.

I'm connecting on SP IP.

 

The configuration:

aaa group server radius RADIUS_SRV
 server name RADIUS_1
 server name RADIUS_2
!
username cisco privilege 15 password cisco
!
aaa new-model
aaa authentication login Local_Access group RADIUS_SRV local
!
radius server RADIUS_1
 address ipv4 172.22.1.1 auth-port 1812 acct-port 1813
 timeout 5
 key smth
!
radius server RADIUS_2
 address ipv4 172.22.1.2 auth-port 1812 acct-port 1813
 timeout 5
 key smth
!
ip http authentication aaa login-authentication Local_Access

 

Thank you in advance.

 

1 Accepted Solution

Jurgens L
Level 3

Did you follow this document below for setting up the WLC?

 

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html 

 

 

 

<<< Pls remember to rate all useful responses >>>


4 Replies


Thank you, Jurgens.


I've missed that doco.
It works now.

The working configuration below:
aaa group server radius RADIUS_SRV
 server name RADIUS_1
 server name RADIUS_2
!
username cisco privilege 15 password cisco
enable secret cisco
!
aaa new-model
!
aaa authentication login Local_Access group RADIUS_SRV local
aaa authorization exec Local_Access group RADIUS_SRV local if-authenticated
!
!
radius server RADIUS_1
 address ipv4 172.22.1.1 auth-port 1812 acct-port 1813
 timeout 5
 key smth
!
radius server RADIUS_2
 address ipv4 172.22.1.2 auth-port 1812 acct-port 1813
 timeout 5
 key smth
!
ip http authentication aaa login-authentication Local_Access
ip http authentication aaa exec-authorization Local_Access
!
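
An offline check for the difference between the two configurations in this thread, added here as an example that is not part of any post and is not Cisco tooling: it reads a saved running-config and reports when the web UI's ip http authentication aaa lines are missing, point at a method list that is not defined, or use a list without local. The name audit_http_aaa and the finding strings are assumptions of this example.

```python
import re

# Relevant lines from the two configurations posted in this thread.
BEFORE = """
aaa new-model
aaa authentication login Local_Access group RADIUS_SRV local
ip http authentication aaa login-authentication Local_Access
"""
AFTER = BEFORE + """
aaa authorization exec Local_Access group RADIUS_SRV local if-authenticated
ip http authentication aaa exec-authorization Local_Access
"""

PATTERNS = {
    "login": r"aaa authentication login (\S+) (.+)",
    "exec": r"aaa authorization exec (\S+) (.+)",
}
HTTP = r"ip http authentication aaa (login-authentication|exec-authorization) (\S+)"
KIND = {"login-authentication": "login", "exec-authorization": "exec"}


def audit_http_aaa(config):
    """Return findings about the AAA method lists the web UI (ip http) uses."""
    lists = {"login": {}, "exec": {}}   # kind -> {list name: [methods]}
    http = {}                            # ip http keyword -> list name
    for line in (l.strip() for l in config.splitlines()):
        for kind, pattern in PATTERNS.items():
            m = re.fullmatch(pattern, line)
            if m:
                lists[kind][m.group(1)] = m.group(2).split()
        m = re.fullmatch(HTTP, line)
        if m:
            http[m.group(1)] = m.group(2)

    findings = []
    for keyword, kind in KIND.items():
        name = http.get(keyword)
        if name is None:
            findings.append(f"ip http authentication aaa {keyword} is not configured")
        elif name not in lists[kind]:
            findings.append(f"{keyword} points at undefined {kind} list {name}")
        elif "local" not in lists[kind][name]:
            findings.append(f"{kind} list {name} has no local fallback")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_http_aaa(cfg) or "ok")
```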

Glad you came right, and thanks for sharing the working config!

Scott Fella
Hall of Fame
If you change the auth to local then radius, can you log in with local credentials?
-Scott
*** Please rate helpful posts ***