Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi there

I think this is a bug, but I wanted to check if others have the same problem. If we try to delete rogue AP's under MONITOR > Rogues with Remove Selected then we get a error message Authorization Failed. No sufficient privileges. At first sight, it looks like the AP's are gone, but if you click on the same menu again, they are still there.

My ACS admin user has role1=ALL. I even tried to set role1=MONITOR, then I don't get the message above, but it is stated that I can not delete known rogue AP's.

Thanks a lot in advance and best regards

Dominic

1.png

2.png

Everyone's tags (1)
10 REPLIES
New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

With RADIUS it is working, so I contacted TAC and they opened the following Bug report: CSCub76374

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi Dominic,

Thank you for returning back to provide the bug ID.
So, the problem is with TACACS+ only but not with RADIUS? (You did not mention anything about TACACS+ in your original post above).

Just to make the thread more informative to others, what is the exact WCS version that you are using?

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi Amjad

yes, the problem occurs only with TACACS+, I did not mention that in the first post because I did not know it then ;-)

And the problem only occurs on WLC - as mentioned in the discussion title - not on WCS. The versions I tested were 7.0.235.0 and 7.2.110.0.

Regards

Dominic

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi Dominic,

I meant WLC, not WCS. sorry.

But, wait, for RADIUS there is no roles. Authorization can be configured only with TACACS+. right?

so, I suppose issue is not appearing if you are using local admin? right?

Is there anything appear in TACACS+ administration logs in the TACACS+ server when you apply the action you metnioned above? (removing selected rogues)?

Thanks.

Amjad

You want to say "Thank you"? Don't. Just rate the useful answers, that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"
New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi Amjad

no problem ;-) Excatly, there is no authorization via RADIUS, but with RADIUS for management user it is working. And yes, also for local admins it works.

There were no errors in the ACS 4.2 logs for TACACS+ authorization, that's why I needed to open the case to see if it is really a bug or if I missconfigured anything.

Best regards

Dominic

New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

I had this same problem a while back and was told to change priority order from tacacs to local. this worked for a small amount of time but now I'm back to not being able to remove rogues from the WLC.

New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

Hi Kyle

did you change back to TACACS+ or did you do an upgrade (if so, to which WLC version)?

Best regards

Dominic

New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

I didn't do an upgrade, we are on 7.0.220.0. I can't remove rogue ap's using either local or tacacs.

Re: WLC >7.0 no sufficient privileges to delete rogue AP's

It must be the extreme cold of Antarctica. Take the WLC to new Zealand! Lol

So you can't remove with even a local account....sounds like a bug to me

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

WLC >7.0 no sufficient privileges to delete rogue AP's

I remembered my workaround. I created a new management user with read/write access. Changed to local management and was able to remove rogues.

1061
Views
15
Helpful
10
Replies