01-10-2021 12:20 PM - edited 07-05-2021 12:59 PM
can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate different network devices?
is it possible to add Cisco WLC 3504 management user with different privilege levels in ISE2.6 for GUI & CLI ?
if yes, i can see end user (android device) logs in ISE but unable to login as management user in WLC 3504, Kindly guide
01-10-2021 02:51 PM - edited 01-10-2021 02:51 PM
Can you post more information what Logs you see in ISE ?
here is good guide to start :
https://mrncciew.com/2014/05/11/wlc-access-via-radius-ise/
also can you explain : "can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate "
01-11-2021 01:13 AM
can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate different network devices?
Yes, with the Device Admin license installed you can do RADIUS and TACACS for network devices.
is it possible to add Cisco WLC 3504 management user with different privilege levels in ISE2.6 for GUI & CLI ?
Not as far as I am aware. I can't see any attributes in the authentication request which differentiate between the CLI and the GUI.
if yes, i can see end user (android device) logs in ISE but unable to login as management user in WLC 3504, Kindly guide
What do you see in the ISE logs when you try to log in?
01-14-2021 02:44 AM
case 1: created internal users in ISE, added WLC in ISE with Radius as authentication method and shared common secret key.
added a Access point to the controller and created a SSID with internet access .
did not create any authentication/authorization profile or policy set.
android user is able to connect to the internet SSID by using credentials of the internal users that i had created in ISE.
Observation: android user is hitting default policy set in ISE to connect.
Case 2: created a user group, internal User and created a authorization profile with "Radius-Service type = Administrative" and created a policy set.
purpose of policy set creation: To get management access to CLI or GUI with internal user credentials.
Result: when i try to login with internal user credentials, its not accepting the credentials. no error message.
observation in ISE: I can see the hits on the policy when ever i try to login with internal user credentials.
Is it possible to login to WLC GUI or CLI as a management user with Radius ISE as Authentication server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide