Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
5
Helpful
3
Replies

Cisco WLC management user configuration in ISE2.6 with Radius Authentication

SyedZabiulla72154
Level 1
Level 1

‎01-10-2021 12:20 PM - edited ‎07-05-2021 12:59 PM

can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate different network devices?

is it possible to add Cisco WLC 3504 management user with different privilege levels in ISE2.6 for GUI & CLI ?

if yes, i can see end user (android device) logs in ISE but unable to login as management user in WLC 3504, Kindly guide 

 

 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎01-10-2021 02:51 PM - edited ‎01-10-2021 02:51 PM

Can you post more information what Logs you see in ISE ?

 

here is good guide to start :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

https://mrncciew.com/2014/05/11/wlc-access-via-radius-ise/

 

also can you explain : "can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate " 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

craig.beck
Level 1
Level 1

‎01-11-2021 01:13 AM

can ISE 2.6 be used both as Tacacs and Radius server at same time to authenticate different network devices?

Yes, with the Device Admin license installed you can do RADIUS and TACACS for network devices.

 

is it possible to add Cisco WLC 3504 management user with different privilege levels in ISE2.6 for GUI & CLI ?

Not as far as I am aware. I can't see any attributes in the authentication request which differentiate between the CLI and the GUI.

 

if yes, i can see end user (android device) logs in ISE but unable to login as management user in WLC 3504, Kindly guide 

What do you see in the ISE logs when you try to log in?

0 Helpful

SyedZabiulla72154
Level 1
Level 1
In response to craig.beck

‎01-14-2021 02:44 AM

case 1:  created internal users in ISE, added WLC in ISE with Radius as authentication method and shared common secret key.

             added a Access point to the controller and created a SSID with internet access .

             did not create any authentication/authorization profile or policy set.

             android user is able to connect to the internet SSID by using credentials of the internal users that i had created in ISE.

            Observation: android user is hitting default policy set in ISE to connect.

 

Case 2: created a user group, internal User and created a authorization profile with "Radius-Service type = Administrative"                     and created a policy set.

             purpose of policy set creation: To get management access to CLI or GUI with internal user credentials.

             Result: when i try to login with internal user credentials, its not accepting the credentials. no error message.

             observation in ISE: I can see the hits on the policy when ever i try to login with internal user credentials.

            Is it possible to login to WLC GUI or CLI as a management user with Radius ISE  as Authentication server. 

            

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card