WLC Management users Authentication with Tacacs+ and Radius

sun.ramalingam · ‎10-15-2014

Hi ,

In WLC Security-->Priority Order-->Management User, If Tacacs+ and then radius Server are selected, will the users be authenticated agaisnt Radius if users are not found in Tacacs Server or only if first priority is unreachable then the Radius server will be contacted for authentication ?

I have management users who gets authenticated against Tacacs+ and LobbyAdmin who wants to be authenticated by Radius(ACS and then AD)

Thanks in advance

Saurav Lodh · ‎10-16-2014

See the current management authentication server order by entering the show aaa auth command.

sun.ramalingam · ‎10-16-2014

Hi
Currently Tacacs+ , My question was if I added Radius and useres are not found in Tacacs+, will the users be authenticated against Radius server ?

Moin Ilyas · ‎11-19-2014

I believe yes.

In the Order Used for Authentication text box, specify which servers have priority when the controller attempts to authenticate management users.

Use the > and < buttons to move servers between the Not Used and Order Used for Authentication text boxes. After the desired servers appear in the Order Used for Authentication text box, use the Up and Down buttons to move the priority server to the top of the list. By default, the local database is always queried first. If the username is not found, the controller switches to the RADIUS server if configured for RADIUS or to the TACACS+ server if configured for TACACS+. The default setting is local and then RADIUS.

Source: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0101101.html#ID1007

sun.ramalingam · ‎12-22-2014

Thanks for your reply Moin , WLC will only support LOCAL and either Radius or Tacacs+