Simultaneous Radius & TACACS+ Support on WLC

c.fuller
Level 1

I currently have my controller configured in my Cisco Secure ACS (ver 3.3) as a Radius NAS.

This is for the wireless clients that authenticate using PEAP.

Now I would like to set up my controller to use TACACS+ for management. I see where to configure it on the controller, which looks straightforward.

However, I am not sure what to do on the ACS. If a controller is already configured for Radius how can I configure it to also support TACACS+? I don't see an option to have it support both. I can't add the same controller in twice either.

Any suggestions/recommendations are appreciated.

I'm wondering if my only option is to set up management using Radius too.

mscherting
Level 1

Try entering your controller again with a different name:

ControllerName-TACACS

Use the same IP, device group & shared secret then select TACACS+ (Cisco) instead of Radius for authentication.

You end up with two entries for each device that requires both, one for TACACS & one for Radius.

Thank you. That worked. I created one group called controllers-tacacs and listed each of my controllers and selected TACACS+ for authentication type.

However, I still can't get the controller to use TACACS+ for management. I added in the ACS information using port 49 under the security -> tacacs -> authentication menu option. It does not have the option to pick network user or management like the radius authentication menu does. So I just entered all the valid data: shared secret, port, enabled, etc. I used the same shared secret as the controller-tacacs group I created on the ACS.

However, the controller does not use TACACS+ for management logins. I still have to use the local mgmt users account.

Anyone have any ideas?

Sounds like what my WiSMs did when I first set them up for TACACS.

Have you tried restarting the ACS service? Network Configuration > Service Control > Restart
