09-14-2020 12:35 AM - edited 07-05-2021 12:30 PM
I would like to test the AAA connection on a 9800-40 WLC. The software version of the WLC is 16.12.03. I used the following command:
C9840-2#test aaa group zys-20 zys1 Test12345 new-code
User rejected
but it should pass authentication in ISE, as follows:
I am not sure why it shows User rejected; it should be User access. What is wrong with this?
09-14-2020 05:51 AM
09-14-2020 06:18 PM
09-14-2020 06:21 PM
11-17-2020 06:51 AM
Hi Scott,
Please see https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html#anc10; this is how I got it working.
11-17-2020 06:49 AM
Hi Yaoszhan,
Not sure what code you are running, but I am able to test:
ZA-WLC-9800-ENT-WLC#test aaa group tacacs+ octvwyk xxxx new-code
Sending password
User successfully authenticated
USER ATTRIBUTES
username 0 "octvwyk"
reply-message 0 "password: "
Using the below reference.
Regards
12-03-2020 12:33 PM
As a reference:
#test aaa group radius yourusername yourpassword new-code
#test aaa group radius dummy 1234 new-code
Or, if you have multiple RADIUS servers configured on the 9800, then you need to specify the correct one as below:
#test aaa group radius server name ISE24 dummy 1234 new-code
Or
#test aaa group radius server name ISE24 dummy 1234 legacy
legacy will give you more understandable results than new-code, BUT the legacy option will not work with ISE 2.2; it will work with ISE 2.4 and later.
While ISE24 is not actually the DNS name of this server, it is the server name as it’s configured on the 9800 and called out under the RADIUS group. dummy is the username, 1234 is the password.
TACACS is the same, but we can't test individual servers as with RADIUS.
#test aaa group tacacs+ dummy 1234 new-code
Or
#test aaa group tacacs+ dummy 1234 legacy
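As an added illustration (not from any poster in this thread), this is how the server name used in the last reply relates to the configuration on the 9800. The group name ISE-GROUP, the address 192.0.2.10 and the key placeholder are assumptions; ISE24, dummy and 1234 are the sample values from the reply above.

```text
! Constructed example configuration, not taken from the thread.
aaa new-model
!
! "ISE24" is a local label on the WLC, not a DNS name.
radius server ISE24
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! The server is called out by that label under the RADIUS group.
aaa group server radius ISE-GROUP
 server name ISE24
!
! Test against the named group (same form as the first post's command):
!   test aaa group ISE-GROUP dummy 1234 new-code
! Test one specific server by its label (form given in the reply above):
!   test aaa group radius server name ISE24 dummy 1234 new-code
```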