Hi Gents,

I've been trying to troubleshoot this for a long time but I'm out of ideas now. here is the topo. I've got a Cisco ACS 5.4 VM used for Radius Network Authentication with a Cisco WLC 7.0, I've done the initial setup and all the rules, everything was working perfectly so far. now i'm trying to add more Access Rules (Identity/Authorization), it seem ok in the GUI interface and it is saving the configuration even if I reboot the Appliance, however when I check the Monitoring and Report log the new rules are not matching. I will attach some print screen for that.

in the identity part there is a rule matching users that attribute Radius_IETF Username start with "g_" without quotes to identify them with local database. "JV1\" to identify them using Active Directory (this is the old rule that was working) the Default is Deny Access

in the authorisations, for the users that attribute Username start with "g_" they got a service policy X and for the "JV1\" they get a service policy Y.

the new users added in the local database (starting with "g_") are matching in the identity store but in the authorisation they hit the default rule which is deny access. the only condition in the authorisation is to be part of the identity group "Wireless Users".

I've had this issue with ACS 5.2 in the past and I used to delete the rule than create it back again but it doesn't seem to be working for the version 5.4

thanks & regards,

Habib