tacacs preferred over local login, but not able to connect using local and tacacs credentials

228340tarun
Level 1

Hi,

I have applied TACACS+ access in the WLC and gave TACACS+ higher priority than local login. Something went wrong and the box kicked me out. Now even the local login ID and password are not working, even when no communication is taking place between the WLC and TACACS+.

Sent from Cisco Technical Support iPhone App

3 Replies

Amjad Abdullah
VIP Alumni

Hi,

If you configured the box correctly and the TACACS+ server is not reachable, then you should be able to log in with your local credentials. Make 100% sure that the TACACS+ server is not reachable and give it a try.

If this is not the case, I think you configured only TACACS+ and did not choose local as the second method.

If you did not save the configuration try reloading the box and try again.

If you are sure about your configuration, try console access to the box to see if it is going to accept your local password (while ACS is not reachable, of course).

Hope one of the above will help.

Amjad

Rating useful replies is more useful than saying "Thank you"

228340tarun
Level 1

Hi Amjad,

Thanks for the solution.

I did configure the WLC with local login as the second preferred method. One strange thing is that this box is not sending any request to the TACACS+ server, which is confirmed by applying an access list on the switch to which this box is connected. The access list was applied to stop any communication between the two so that the box would accept the local login credentials, but this access list got no hits. Logically, when there is no communication going on between the two, it should accept local login.

Thanks

Tarun


Tarun:

We need to be careful about what we describe. No hits on the ACL does not necessarily mean that the WLC does not send any request. Rather, it could possibly mean that the access list does not match, so the traffic is not being blocked and reaches the TACACS+ server.

The other way to make sure there are no requests is:

- Use sniffer trace.

- Check ACS logs for any failed/passed authentication for TACACS+ traffic from the WLC.

I suggest that you disconnect either the WLC or the AAA server from the network, then try the local credentials one more time. If you are sure your credentials are correct and it did not work this way, I have no other idea to proceed except recovering the device to default settings and configuring it again.

If you are not sure whether your local credentials are correct or not, there is a way to recover the password from the console to make sure.

HTH

Amjad

p.s.: you can also change your ACL to permit TACACS+ rather than dropping it, and check whether any traffic is caught by the ACL.

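Amjad's point in the reply above is that an ACL with zero hits only proves the ACL did not match, not that the WLC never sent a request, and that a sniffer trace is the reliable check. The following is an added example, not code from this thread or from Cisco: it builds a few constructed Ethernet/IPv4/TCP frames (the addresses 10.0.0.5 for the WLC and 10.0.0.49 for the TACACS+ server, the port numbers and the session ID are all assumptions) and then scans them the way you would scan a real capture, counting every TCP/49 segment the WLC sends toward the server (a bare SYN already proves the WLC is trying) and decoding the 12-byte TACACS+ header of any segment that carries one. The decoder uses the header layout from RFC 8907; the body is left opaque because it is normally encrypted with the shared key.

```python
"""Added example: find TACACS+ requests from a WLC in a list of raw frames.
Frames are constructed inline with struct; the IPs, ports and session ID
are assumptions for the illustration, not values from the original thread."""
import struct
import ipaddress

TACACS_PORT = 49                         # TACACS+ servers listen on TCP/49
TACACS_TYPES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}
TAC_PLUS_UNENCRYPTED_FLAG = 0x01         # RFC 8907 header flag bit


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame (fixed 20-byte headers, no checksums)."""
    eth = b"\x00" * 12 + b"\x08\x00"     # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 0xFFFF, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def tacacs_header(pkt_type, seq_no, session_id, body):
    """12-byte TACACS+ header: version 0xC0, type, seq_no, flags, session_id, length."""
    return struct.pack("!BBBBII", 0xC0, pkt_type, seq_no, 0, session_id, len(body)) + body


def parse_frame(frame):
    """Return (src, dst, sport, dport, tcp_payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                    # IP protocol field: 6 = TCP
        return None
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def find_tacacs_requests(frames, wlc_ip, server_ip):
    """Return (tcp49_segments_from_wlc, decoded TACACS+ headers) for WLC -> server traffic."""
    segments, requests = 0, []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        if not (src == wlc_ip and dst == server_ip and dport == TACACS_PORT):
            continue                      # wrong direction or not TACACS+
        segments += 1                     # even a SYN shows the WLC is trying
        if len(payload) < 12:
            continue                      # handshake/ACK segment, no TACACS+ header
        version, ptype, seq, flags, session_id, length = struct.unpack("!BBBBII", payload[:12])
        requests.append({
            "type": TACACS_TYPES.get(ptype, "UNKNOWN"),
            "major_version": version >> 4,
            "seq": seq,
            "session_id": session_id,
            "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
            "body_len": length,
        })
    return segments, requests


# Constructed capture (assumed addresses): a SYN, an authentication START,
# the server's REPLY in the other direction, and an unrelated SSH segment.
WLC_IP, SERVER_IP = "10.0.0.5", "10.0.0.49"
CAPTURE = [
    build_frame(WLC_IP, SERVER_IP, 40001, 49, b""),
    build_frame(WLC_IP, SERVER_IP, 40001, 49, tacacs_header(1, 1, 0x1234, b"\x00" * 24)),
    build_frame(SERVER_IP, WLC_IP, 49, 40001, tacacs_header(1, 2, 0x1234, b"\x00" * 6)),
    build_frame(WLC_IP, SERVER_IP, 40002, 22, b"SSH-2.0-x\r\n"),
]


def summarize(frames=CAPTURE):
    return find_tacacs_requests(frames, WLC_IP, SERVER_IP)


if __name__ == "__main__":
    segs, reqs = summarize()
    print(f"TCP/49 segments from WLC: {segs}")
    for r in reqs:
        print(r)
```

On a real capture, read the frames with any pcap reader and pass the raw bytes to `find_tacacs_requests`; a count of zero TCP/49 segments from the WLC, with the capture taken on the WLC's uplink, is the evidence the ACL hit counter could not give, while a non-zero count with no matching ACS log entries points at the server or the path rather than at the WLC.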