Simultaneous Radius & TACACS+ Support on WLC

Unanswered Question
Apr 3rd, 2009

I currently have my controller configured in my Cisco Secure ACS (ver 3.3) as a Radius NAS.

This is for the wireless clients, which authenticate using PEAP.

Now I would like to set up my controller to use TACACS+ for management. I see where to configure it on the controller, which looks straightforward.

However, I am not sure what to do on the ACS. If a controller is already configured for Radius how can I configure it to also support TACACS+? I don't see an option to have it support both. I can't add the same controller in twice either.

Any suggestions/recommendations are appreciated.

I'm wondering if my only option is to set up management using Radius too.

mscherting Mon, 04/06/2009 - 09:51

Try entering your controller again with a different name:

ControllerName-TACACS

Use the same IP, device group & shared secret then select TACACS+ (Cisco) instead of Radius for authentication.

You end up with two entries for each device that requires both, one for TACACS & one for Radius.

c.fuller Tue, 04/07/2009 - 11:42

Thank you. That worked. I created one group called controllers-tacacs and listed each of my controllers and selected TACACS+ for authentication type.

However, I still can't get the controller to use TACACS+ for management. I added in the ACS information using port 49 under the security->tacacs->authentication menu option. It does not have the option to pick network user or management like the radius authentication menu does. So I just enter in all the valid data: shared secret, port, enabled, etc. I used the same shared secret as the controller-tacacs group I created on the ACS.

However, the controller does not use TACACS+ for management logins. I still have to use the local mgmt users account.

Anyone have any ideas?

mscherting Wed, 04/08/2009 - 09:15

Sounds like what my WiSMs did when I first set them up for TACACS.

Have you tried restarting the ACS service? Network Configuration > Service Control > Restart
