
Urgent !! ACS 5.1 and RADIUS for Switch and WLC

Does anyone know how to configure ACS 5.1 with RADIUS?

I set it up as follows, but it fails.

   step 1: Network Resources --> Network Devices and AAA Clients

               Added 2 device objects, both with RADIUS "checked", for the Switch and WLC

   step 2: Users and Identity Stores --> Internal Identity Stores --> Users

               Added 1 user "test" under "All Groups"

 

   step 3: Policy Elements --> Authorization and Permissions --> Network Access

               Created "Enable 15" with RADIUS Attributes

                  cisco-av-pair , String , shell:priv-lvl=15

   step 4a: Access Policies --> Default Network Access --> Identity

               Create "Rule-1",

                           Compound Condition: RADIUS-IETF:Service-Type match Administrative

                           Results: Identity Source: Internal Users

   step 4b: Access Policies --> Default Network Access --> Authorization

               Create  "Rule-1"

                           Conditions: Identity Groups "All Groups"   

                           Results: Enable 15

   However, when I log in with user "test" to the Cisco switch, the login succeeds but I fail to get into enable (privileged) mode. Can anyone help? What did I miss?

  

   Switch> enable

   password:

   %Access denied

  

   For the WLC, it logs in but fails too.

   Customer requirement: I can't use TACACS+!! Also, the WLC is not allowed to use TACACS+ for user management.
