I think this is a bug, but I wanted to check if others have the same problem. If we try to delete rogue APs under MONITOR > Rogues with Remove Selected, then we get an error message: Authorization Failed. No sufficient privileges. At first sight, it looks like the APs are gone, but if you click on the same menu again, they are still there.
My ACS admin user has role1=ALL. I even tried to set role1=MONITOR; then I don't get the message above, but it is stated that I cannot delete known rogue APs.
Thanks a lot in advance and best regards
With RADIUS it is working, so I contacted TAC and they opened the following Bug report: CSCub76374
Thank you for returning back to provide the bug ID.
So, the problem is with TACACS+ only but not with RADIUS? (You did not mention anything about TACACS+ in your original post above).
Just to make the thread more informative to others, what is the exact WCS version that you are using?
Yes, the problem occurs only with TACACS+. I did not mention that in the first post because I did not know it then ;-)
And the problem only occurs on WLC - as mentioned in the discussion title - not on WCS. The versions I tested were 22.214.171.124 and 126.96.36.199.
I meant WLC, not WCS. Sorry.
But, wait, for RADIUS there are no roles. Authorization can be configured only with TACACS+, right?
So, I suppose the issue does not appear if you are using a local admin, right?
Does anything appear in the TACACS+ administration logs on the TACACS+ server when you apply the action you mentioned above (removing selected rogues)?
You want to say "Thank you"? Don't. Just rate the useful answers, that is more useful than "Thank you".
No problem ;-) Exactly, there is no authorization via RADIUS, but with RADIUS for the management user it is working. And yes, it also works for local admins.
There were no errors in the ACS 4.2 logs for TACACS+ authorization; that's why I needed to open the case to see if it is really a bug or if I misconfigured anything.
I had this same problem a while back and was told to change the priority order from TACACS to local. This worked for a short time, but now I'm back to not being able to remove rogues from the WLC.
Did you change back to TACACS+ or did you do an upgrade (if so, to which WLC version)?
It must be the extreme cold of Antarctica. Take the WLC to New Zealand! Lol
So you can't remove with even a local account... sounds like a bug to me
I remembered my workaround. I created a new management user with read/write access, changed to local management, and was able to remove rogues.