Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

TACACS+ not working with 5760 WLC

Hi all,

hopefully someone can help me further.

I am currently configuring one of our 5760 WLCs and I have difficulties to get TACACS+ working.

This is the configuration (note the values are exemplary):

aaa group server tacacs+ auth_grp

  server name tacacs_server

!

aaa authentication banner ^

*******************************************************

*  ! TACACS server cannot be reached at the moment !  *

*******************************************************

^

aaa authentication login default group auth_grp local

aaa authentication enable default group auth_grp enable

aaa authorization exec default group auth_grp local

aaa accounting exec default start-stop group auth_grp

aaa accounting commands 15 default start-stop group auth_grp

!

tacacs-server directed-request

tacacs server tacacs_server

  address ipv4 10.10.10.10

  key 0 shared_secret

!

I have already compared this configuration to other devices where it is identical and which also successfully authenticate. I have ensured that the device has been entered in the TACACS server as an AAA client. I tested it with ACS4 as well as ACS5.

Tacacs debug on the WLC shows that the request times out.

After doing a packet capture I noticed that the WLC resets the TCP connection after the SYN,ACK from the TACACS Server.

IOS version is 3.2.2SE

Does anyone have a hint?

Regards,

Patrick

2 REPLIES
New Member

TACACS+ not working with 5760 WLC

Just found out myself.

Tacacs does not work, if the request is going via the Mgmt Port. I had to use the data ports.

Would be nice, if this is going to be implemented in a future release.

Regards,

Patrick

TACACS+ not working with 5760 WLC

Thanks Patrick for sharing the info

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
897
Views
10
Helpful
2
Replies
CreatePlease to create content