Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
720
Views
10
Helpful
5
Replies

Enabling RADIUS Auth/Acct on WLAN Controller 4402

Go to solution
kamrannaseem
Level 1
Level 1

‎07-15-2013 06:00 AM - edited ‎03-10-2019 08:39 PM

Hi All,

Just need to enable RADIUS authentication and accounting on Cisco WLAN controller 4402, so that WLAN controller Admins can be authenticated via RADIUS server.

I want to make sure that i could log in via console or local user account, if RADIUS auth/acct on WLAN controller does not work for some reason. I dont want to lock myself out if RADIUS auth/acct does not work.

I have configured RDIUS for cisco 3750 switches and is working fine.

any suggestions please.

many thanks.

Kamran.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to kamrannaseem

‎07-15-2013 07:02 AM

you need to set the order

Security > Priority Order > Management User

Network user is for wireless authentication.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎07-15-2013 06:11 AM

RADIUS Server Authentication of Management Users on Wireless LAN Controller (WLC) Configuration Example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080782507.shtml#wlc

The order of authentication for management users can be changed on the       WLC. In order to do this, from the

Security page on the WLC,       click  Priority Order > Management User

What radius server are you using? On the radius server you just need to push Radius IETF attribute service-type=administrative.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Go to solution
kamrannaseem
Level 1
Level 1
In response to Jatin Katyal

‎07-15-2013 06:58 AM

Hi Jatin,

Thanks for your reply.

I am using  TekRadius 4.6. So if i check the management user box would it allow local user to login if RADIUS server fail to respond.

Most of the documents i found on the internet are for later versions but we are using WLAN controller software version 3.2 which is very old thats why i am bit conecenred that i dont lock myslef out once i enable RADIUS auth/acct.

Would you know what Network user  option does ?

many thanks.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to kamrannaseem

‎07-15-2013 07:02 AM

you need to set the order

Security > Priority Order > Management User

Network user is for wireless authentication.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Go to solution
kamrannaseem
Level 1
Level 1
In response to Jatin Katyal

‎07-15-2013 07:27 AM

Hi Jatin,

I dont see any link or tab named Priority Order.

I have attached the GUI interface of my WLAN controller.

many thanks.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to kamrannaseem

‎07-15-2013 10:14 AM

Yeah because the code you are running is pretty OLD. I couldn't find all these settings in WLC 3.2 configuration guide. http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html

WLAN code 4.2 does show that this feature.

Figure 5-5     TACACS+ Authentication Servers > New Page

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
Customers Also Viewed These Support Documents