03-26-2010 08:23 AM - edited 07-03-2021 06:40 PM
Has anyone been able to add WCS 6.0 and any WLCs running 6 code to an ACS 5.1 box yet? I cannot find any documents for 5.1 on how to add these.
Solved! Go to Solution.
03-26-2010 08:37 AM
I checked with the wireless guys and he said that wlc 6.x should be fine with acs 5.1.
03-26-2010 08:28 AM
WCS 6.x integrated with ACS 5.x is not currently supported but should be supported in the WCS 7.x release.
03-26-2010 08:31 AM
What about version 6 of the Controller code and ACS 5.1?
03-26-2010 08:37 AM
I checked with the wireless guys and he said that wlc 6.x should be fine with acs 5.1.
03-26-2010 08:41 AM
Where can I get something on how to setup the WLC to talk with ACS 5.1?
03-26-2010 08:48 AM
I checked the config guide for the 6.x WLC code and it still shows the older version of ACS in the guide. I would assume the 7.x versions will get the new screenshots. If you can open a ticket the folks in AAA should be able to assist though. I have not done a 5.1 config or I'd be happy to help.
03-26-2010 08:53 AM
I will go that route. Thank you for your help.
03-28-2010 10:45 AM
I worked with TAC on this yesterday, we were able to get my WLCs working with ACS 5.1 using Radius....NOT Tacacs,
this only remaining issue i have is with WCS, trying to match the correct Auth policy, if i match to enable priv 15 , all cisco hardware authenicates
fine, but cant auth to my WCS, if i move the WCS policy up with its custom attributes i can get into the WCS, but the cisco hardware fails.
Almost there, any ideas, so far i really like acs 5.1, big improvement from my MCS 7800's running 4.0 acs.
03-28-2010 11:41 AM
GOT IT, i added another match condtion (NDG) in the Device Administration Authorization Policy, and then for my rule-1 which enabled Priv 15, i added
not in NDG device type WCS, this way everything matched on it except my WCS server, so it used the custom attibutes i created for it.
04-06-2010 05:58 PM
Hi,
Please can you elaborate the steps taken to Integrate WCS 6.0 with ACS 5.1?
Thanks
Volven
04-07-2010 06:13 AM
Volven,
Starting on the WCS server, Administration/TACACS, i added a server,
AAA mode was then set to TACACS.
On my ACS server i added the WCS server under network devices and AAA clients, using the same shared tacacs key.
Next under Policy elements/Authorization and permissions/Device Administration/Shell Profile i created a new shell profile
called WCS Custom, open the custom attributes tab.
the following needs to be added exactly in this order
role0=Admin
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=View Alerts and Events
task10=Email Notification
task11=Delete and Clear Alerts
task12=Pick and Unpick Alerts
task13=Ack and Unack Alerts
task14=Configure Controllers
task15=Configure Templates
task16=Configure Config Groups
task17=Configure Access Points
task18=Configure Access Point Templates
task19=Migration Templates
task20=Configure Choke Points
task21=Configure Spectrum Experts
task22=Auto Provisioning
task23=Monitor Controllers
task24=Monitor Access Points
task25=Monitor Clients
task26=Monitor Tags
task27=Monitor Security
task28=Monitor Chokepoints
task29=Monitor Spectrum Experts
task30=Interferers Search
task31=Mesh Reports
task32=Client Reports
task33=Performance Reports
task34=Security Reports
task35=Voice Audit Report
task36=Maps Read Only
task37=Maps Read Write
task38=Client Location
task39=Rogue Location
task40=Planning Mode
task41=Virtual Domain Management
task42=High Availability Configuration
task43=Health Monitor Details
task44=Configure WIPS Profiles
task45=Global SSID Groups
task46=WIPS Service
task47=Configure Lightweight Access Point Templates
task48=Configure Autonomous Access Point Templates
task49=Scheduled Configuration Tasks
task50=Configure Location Sensors
task51=Configure ACS View Servers
task52=Monitor Location Sensors
task53=RRM Dashboard
task54=Compliance Assistance Reports
task55=Config Audit Dashboard
task56=Guest Reports
task57=Configure Ethernet Switch Ports
task58=Configure Ethernet Switches
task59=Device Reports
task60=Network Summary Reports
task61=Compliance Reports
task62=Report Launch Pad
task63=Run Reports List
task64=Saved Reports List
task65=Report Run History
Finally under Access policies/Default device admin/authorization i created a new rule called WCS, matching on tacacs as the protocol and under results i called the new WCS Custom profile we created earlier, under command sets i selected Allow ALL.
If you move this rule up it will work, i got around having to move it by excluding WCS as i stating in my earlier post,
I've added some screenshots to support my ramblings
Good Luck
04-07-2010 06:39 AM
Hi,
Thanks for your response, actually I have done exactly as what you have suggested, the only difference being I have created the Root Group. Every time i try to login an error gets reported regarding Groups not being defined.
I currently have no access to the ACS, however will send more snapshots tomorrow.
Cheers
Volven
04-07-2010 07:12 PM
04-08-2010 12:50 AM
04-09-2010 12:55 AM
Got it working..
Seems to be a BUG, had to follow a crazy procedure.
Before adding any attributes i had to add the Virtual Domain attribute even though i have only the root domain and than follow it up with the role and tasks list. Once saved, I had to go back and delete the Virtual Domain attribute and than it works fine. Tested this by creating different roles and it only worked by first creating the virtual domain attribute and than deleting it.
Hope someone else facing a similar issue finds this useful. The versions i am using are..
WCS - 6.0.181.0
ACS - 5-1-0-44-2
Cheers
Volven
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide