Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

***WLC AAA for admin access***

I am trynig to set up radius authentication for access onto the WLC for management, ssh/telnet and GUI. The RADIUS settings are correct to the IAS server, and the management tab is selected within the RADIUS properties page.

The provider order was changed to include radius before local, and the admin account was created in AD. When I now tried to telnet/SSH onto the command line of the WLC, i could see from the radius log that i was been succesfully authenticated, but it would not let me onto the cmd line??? it just returns me to the username prompt?

Any isead what im missing?

5 REPLIES
Silver

Re: ***WLC AAA for admin access***

Complete these steps in order to add the WLC as an AAA client in the ACS.

From the ACS GUI, choose the Network Configuration tab.

Under AAA Clients, click Add Entry.

In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.

From the Authenticate Using drop-down menu, choose RADIUS .

Click Submit + Restart in order to save the configuration.

New Member

Re: ***WLC AAA for admin access***

Thanks, I did that but i still think something is missing relating to authorization, because when i try to connect I authenticate but it then said i have no access??

Re: ***WLC AAA for admin access***

I'm confused here. Are you using IAS (Microsoft), or ACS (Cisco)?

New Member

Re: ***WLC AAA for admin access***

Using IAS

Re: ***WLC AAA for admin access***

I guess you missed to send the correct RADIUS attributes back to the WLC (for authorization purposes).

The roles are: MONITOR, WLAN, CONTROLLER, WIRELESS, SECURITY, MANAGEMENT, COMMANDS and ALL.

I'm not sure what attribute has to be sent back. The only documentation I can find is with TACACS+ AAA.

But I'm pretty sure it's an authorization issue.

193
Views
0
Helpful
5
Replies
CreatePlease login to create content