***WLC AAA for admin access***

Unanswered Question
Mar 4th, 2009

I am trying to set up RADIUS authentication for access onto the WLC for management, ssh/telnet and GUI. The RADIUS settings are correct to the IAS server, and the management tab is selected within the RADIUS properties page.

The provider order was changed to include RADIUS before local, and the admin account was created in AD. When I now tried to telnet/SSH onto the command line of the WLC, I could see from the RADIUS log that I was being successfully authenticated, but it would not let me onto the cmd line? It just returns me to the username prompt.

Any ideas what I'm missing?

didyap Tue, 03/10/2009 - 06:43

Complete these steps in order to add the WLC as an AAA client in the ACS.

1. From the ACS GUI, choose the Network Configuration tab.
2. Under AAA Clients, click Add Entry.
3. In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.
4. From the Authenticate Using drop-down menu, choose RADIUS.
5. Click Submit + Restart in order to save the configuration.

gabrielbryson Wed, 03/11/2009 - 01:32

Thanks, I did that but I still think something is missing relating to authorization, because when I try to connect I authenticate but it then says I have no access.

Johannes Luther Thu, 03/12/2009 - 02:59

I guess you missed sending the correct RADIUS attributes back to the WLC (for authorization purposes).

The roles are: MONITOR, WLAN, CONTROLLER, WIRELESS, SECURITY, MANAGEMENT, COMMANDS and ALL.


I'm not sure what attribute has to be sent back. The only documentation I can find is with TACACS+ AAA.

But I'm pretty sure it's an authorization issue.
