cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4667
Views
0
Helpful
21
Replies

WCS 6.0 ACS 5.1

nshoe18
Level 1
Level 1

Has anyone been able to add WCS 6.0 and any WLCs running 6 code to an ACS 5.1 box yet? I cannot find any documents for 5.1 on how to add these.

1 Accepted Solution

Accepted Solutions

I checked with the wireless guys and he said that wlc 6.x should be fine with acs 5.1.

View solution in original post

21 Replies 21

sschmidt
Cisco Employee
Cisco Employee

WCS 6.x integrated with ACS 5.x is not currently supported but should be supported in the WCS 7.x release.

What about version 6 of the Controller code and ACS 5.1?

I checked with the wireless guys and he said that wlc 6.x should be fine with acs 5.1.

Where can I get something on how to setup the WLC to talk with ACS 5.1?

I checked the config guide for the 6.x WLC code and it still shows the older version of ACS in the guide.  I would assume the 7.x versions will get the new screenshots.  If you can open a ticket the folks in AAA should be able to assist though.  I have not done a 5.1 config or I'd be happy to help.

I will go that route. Thank you for your help.

I worked with TAC on this yesterday, we were able to get my WLCs working with ACS 5.1 using Radius....NOT Tacacs,

this only remaining issue i have is with WCS, trying to  match the correct Auth policy, if i match to enable priv 15 , all cisco hardware authenicates

fine, but cant auth to my WCS, if i move the WCS policy up with its custom attributes i can get into the WCS, but the cisco hardware fails.

Almost there, any ideas, so far i really like acs 5.1, big improvement from my MCS 7800's running 4.0 acs.

GOT IT, i added another match condtion (NDG) in the Device Administration Authorization Policy, and then for my rule-1 which enabled Priv 15, i added

not in NDG device type WCS, this way everything matched on it except my WCS server, so it used the custom attibutes i created for it.

Hi,

Please can you elaborate the steps taken to Integrate WCS 6.0 with ACS 5.1?

Thanks

Volven

Volven,

          Starting on the WCS server, Administration/TACACS, i added a server,

AAA mode was then set to TACACS.

On my ACS server i added the WCS server under network devices and AAA clients, using the same shared tacacs key.

Next under Policy elements/Authorization and permissions/Device Administration/Shell Profile i created a new shell profile

called WCS Custom, open the custom attributes tab.

the following needs to be added exactly in this order

role0=Admin
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=View Alerts and Events
task10=Email Notification
task11=Delete and Clear Alerts
task12=Pick and Unpick Alerts
task13=Ack and Unack Alerts
task14=Configure Controllers
task15=Configure Templates
task16=Configure Config Groups
task17=Configure Access Points
task18=Configure Access Point Templates
task19=Migration Templates
task20=Configure Choke Points
task21=Configure Spectrum Experts
task22=Auto Provisioning
task23=Monitor Controllers
task24=Monitor Access Points
task25=Monitor Clients
task26=Monitor Tags
task27=Monitor Security
task28=Monitor Chokepoints
task29=Monitor Spectrum Experts
task30=Interferers Search
task31=Mesh Reports
task32=Client Reports
task33=Performance Reports
task34=Security Reports
task35=Voice Audit Report
task36=Maps Read Only
task37=Maps Read Write
task38=Client Location
task39=Rogue Location
task40=Planning Mode
task41=Virtual Domain Management
task42=High Availability Configuration
task43=Health Monitor Details
task44=Configure WIPS Profiles
task45=Global SSID Groups
task46=WIPS Service
task47=Configure Lightweight Access Point Templates
task48=Configure Autonomous Access Point Templates
task49=Scheduled Configuration Tasks
task50=Configure Location Sensors
task51=Configure ACS View Servers
task52=Monitor Location Sensors
task53=RRM Dashboard
task54=Compliance Assistance Reports
task55=Config Audit Dashboard
task56=Guest Reports
task57=Configure Ethernet Switch Ports
task58=Configure Ethernet Switches
task59=Device Reports
task60=Network Summary Reports
task61=Compliance Reports
task62=Report Launch Pad
task63=Run Reports List
task64=Saved Reports List
task65=Report Run History

Finally under Access policies/Default device admin/authorization i created a new rule called WCS, matching on tacacs as the protocol and under results i called the new WCS Custom profile we created earlier, under command sets i selected Allow ALL.

If you move this rule up it will work, i got around having to move it by excluding WCS as i stating in my earlier post,

I've added some screenshots to support my ramblings

Good Luck

Hi,

Thanks for your response, actually I have done exactly as what you have suggested, the only difference being I have created the Root Group. Every time i try to login an error gets reported regarding Groups not being defined.

I currently have no access to the ACS, however will send more snapshots tomorrow.

Cheers

Volven

Attached are my snapshots, I have included the LobbyAmbassador role created in ACS and snapshots of the corresponding configs in the ACS and WCS. Also included is the error message i receive.

Thanks

Volven

Hi All,

Ignore the error page within the Zip, attached a wrong image... See the one attached to this post..

Cheers

Volven

Got it working..

Seems to be a BUG, had to follow a crazy procedure.

Before adding any attributes i had to add the Virtual Domain attribute even though i have only the root domain and than follow it up with the role and tasks list. Once saved, I had to go back and delete the Virtual Domain attribute and than it works fine. Tested this by creating different roles and it only worked by first creating the virtual domain attribute and than deleting it.

Hope someone else facing a similar issue finds this useful. The versions i am using are..

WCS - 6.0.181.0

ACS - 5-1-0-44-2

Cheers

Volven

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: