Cisco Support Community
Community Member

WCS 6.0 ACS 5.1

Has anyone been able to add WCS 6.0 and any WLCs running 6 code to an ACS 5.1 box yet? I cannot find any documents for 5.1 on how to add these.


21 REPLIES
Cisco Employee

Re: WCS 6.0 ACS 5.1

WCS 6.x integrated with ACS 5.x is not currently supported but should be supported in the WCS 7.x release.

Community Member

Re: WCS 6.0 ACS 5.1

What about version 6 of the Controller code and ACS 5.1?

Cisco Employee

Re: WCS 6.0 ACS 5.1

I checked with the wireless guys and he said that wlc 6.x should be fine with acs 5.1.

Community Member

Re: WCS 6.0 ACS 5.1

Where can I get something on how to set up the WLC to talk with ACS 5.1?

Cisco Employee

Re: WCS 6.0 ACS 5.1

I checked the config guide for the 6.x WLC code and it still shows the older version of ACS in the guide.  I would assume the 7.x versions will get the new screenshots.  If you can open a ticket the folks in AAA should be able to assist though.  I have not done a 5.1 config or I'd be happy to help.

Community Member

Re: WCS 6.0 ACS 5.1

I will go that route. Thank you for your help.

Community Member

Re: WCS 6.0 ACS 5.1

I worked with TAC on this yesterday; we were able to get my WLCs working with ACS 5.1 using RADIUS... NOT TACACS.

The only remaining issue I have is with WCS, trying to match the correct auth policy. If I match to enable priv 15, all Cisco hardware authenticates fine, but I can't auth to my WCS. If I move the WCS policy up with its custom attributes I can get into the WCS, but the Cisco hardware fails.

Almost there. Any ideas? So far I really like ACS 5.1, big improvement from my MCS 7800s running 4.0 ACS.

Community Member

Re: WCS 6.0 ACS 5.1

GOT IT. I added another match condition (NDG) in the Device Administration Authorization Policy, and then for my rule-1, which enabled Priv 15, I added "not in NDG device type WCS". This way everything matched on it except my WCS server, so it used the custom attributes I created for it.

Community Member

Re: WCS 6.0 ACS 5.1

Hi,

Please can you elaborate the steps taken to Integrate WCS 6.0 with ACS 5.1?

Thanks

Volven

Community Member

Re: WCS 6.0 ACS 5.1

Volven,

Starting on the WCS server, under Administration/TACACS, I added a server. AAA mode was then set to TACACS.

On my ACS server I added the WCS server under Network Devices and AAA Clients, using the same shared TACACS key.

Next, under Policy Elements/Authorization and Permissions/Device Administration/Shell Profile, I created a new shell profile called WCS Custom. Open the Custom Attributes tab.

The following needs to be added exactly in this order:

role0=Admin
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=View Alerts and Events
task10=Email Notification
task11=Delete and Clear Alerts
task12=Pick and Unpick Alerts
task13=Ack and Unack Alerts
task14=Configure Controllers
task15=Configure Templates
task16=Configure Config Groups
task17=Configure Access Points
task18=Configure Access Point Templates
task19=Migration Templates
task20=Configure Choke Points
task21=Configure Spectrum Experts
task22=Auto Provisioning
task23=Monitor Controllers
task24=Monitor Access Points
task25=Monitor Clients
task26=Monitor Tags
task27=Monitor Security
task28=Monitor Chokepoints
task29=Monitor Spectrum Experts
task30=Interferers Search
task31=Mesh Reports
task32=Client Reports
task33=Performance Reports
task34=Security Reports
task35=Voice Audit Report
task36=Maps Read Only
task37=Maps Read Write
task38=Client Location
task39=Rogue Location
task40=Planning Mode
task41=Virtual Domain Management
task42=High Availability Configuration
task43=Health Monitor Details
task44=Configure WIPS Profiles
task45=Global SSID Groups
task46=WIPS Service
task47=Configure Lightweight Access Point Templates
task48=Configure Autonomous Access Point Templates
task49=Scheduled Configuration Tasks
task50=Configure Location Sensors
task51=Configure ACS View Servers
task52=Monitor Location Sensors
task53=RRM Dashboard
task54=Compliance Assistance Reports
task55=Config Audit Dashboard
task56=Guest Reports
task57=Configure Ethernet Switch Ports
task58=Configure Ethernet Switches
task59=Device Reports
task60=Network Summary Reports
task61=Compliance Reports
task62=Report Launch Pad
task63=Run Reports List
task64=Saved Reports List
task65=Report Run History

Finally, under Access Policies/Default Device Admin/Authorization I created a new rule called WCS, matching on TACACS as the protocol, and under results I called the new WCS Custom profile we created earlier; under command sets I selected Allow ALL.

If you move this rule up it will work. I got around having to move it by excluding WCS as I stated in my earlier post.

I've added some screenshots to support my ramblings.

Good Luck
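
Added example, not part of the original posts: a small Python model of the rule-ordering problem described in the two posts above (the priv 15 rule versus the WCS rule). It assumes the authorization rule table is evaluated top-down with the first matching rule winning, which is consistent with the behaviour reported in the thread; the device-type values, the "Priv 15" label and the scoped-rule variant are illustrative and go beyond what the posts describe.

```python
# Constructed model: an authorization rule table evaluated top-down, first match wins.
# "WCS Custom" is the profile from the thread; other names are illustrative.

def evaluate(rules, request):
    """Return the result of the first rule whose conditions all match the request."""
    for _name, conditions, result in rules:
        if all(cond(request) for cond in conditions):
            return result
    return "no rule matched"  # the table's default rule would apply here

def is_tacacs(req):
    return req["protocol"] == "Tacacs"

def is_wcs(req):
    return req["device_type"] == "WCS"

def not_wcs(req):
    return not is_wcs(req)

# Rules as described in the thread.
PRIV15 = ("Rule-1", [is_tacacs], "Priv 15")
WCS_RULE = ("WCS", [is_tacacs], "WCS Custom")  # protocol-only match
PRIV15_NOT_WCS = ("Rule-1", [is_tacacs, not_wcs], "Priv 15")  # the NDG exclusion
# Variant not in the thread: scope the WCS rule itself to the WCS device type.
WCS_SCOPED = ("WCS", [is_tacacs, is_wcs], "WCS Custom")

# Constructed sample requests.
SWITCH = {"protocol": "Tacacs", "device_type": "Switch"}
WCS = {"protocol": "Tacacs", "device_type": "WCS"}

def outcomes(rules):
    """Profile handed to a switch login and to a WCS login for a given rule order."""
    return {"switch": evaluate(rules, SWITCH), "wcs": evaluate(rules, WCS)}

if __name__ == "__main__":
    orders = {
        "priv 15 first": [PRIV15, WCS_RULE],
        "WCS rule moved up": [WCS_RULE, PRIV15],
        "priv 15 excludes WCS": [PRIV15_NOT_WCS, WCS_RULE],
        "both rules scoped (either order)": [WCS_SCOPED, PRIV15_NOT_WCS],
    }
    for label, rules in orders.items():
        print(f"{label:34} {outcomes(rules)}")
```

In the first two orderings one class of device always receives the other's profile; once the rule conditions are mutually exclusive, the order of the two rules no longer matters.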

Community Member

Re: WCS 6.0 ACS 5.1

Hi,

Thanks for your response. Actually I have done exactly what you have suggested, the only difference being I have created the Root Group. Every time I try to log in, an error gets reported regarding Groups not being defined.

I currently have no access to the ACS, however will send more snapshots tomorrow.

Cheers

Volven

Community Member

Re: WCS 6.0 ACS 5.1

Attached are my snapshots. I have included the LobbyAmbassador role created in ACS and snapshots of the corresponding configs in the ACS and WCS. Also included is the error message I receive.

Thanks

Volven

Community Member

Re: WCS 6.0 ACS 5.1

Hi All,

Ignore the error page within the Zip; I attached the wrong image. See the one attached to this post.

Cheers

Volven

Community Member

Re: WCS 6.0 ACS 5.1

Got it working.

Seems to be a BUG; I had to follow a crazy procedure.

Before adding any attributes I had to add the Virtual Domain attribute, even though I have only the root domain, and then follow it up with the role and tasks list. Once saved, I had to go back and delete the Virtual Domain attribute, and then it works fine. Tested this by creating different roles and it only worked by first creating the virtual domain attribute and then deleting it.

Hope someone else facing a similar issue finds this useful. The versions I am using are:

WCS - 6.0.181.0

ACS - 5-1-0-44-2

Cheers

Volven

Community Member

Re: WCS 6.0 ACS 5.1

Thank you for the details on the bug find!!  I had the same issue and was able to resolve by adding the virtual domain attribute and then removing it.  Funny how it doesn't even work with that attribute set, but you need to do it to get the rest working.

Community Member

Re: WCS 6.0 ACS 5.1

Thx Heaps for your comment. I was fiddling around with the attributes for about 4 hours before I found this post. I followed your tip and it worked perfectly! Now I've got to do the same for the WLCs!

Community Member

Re: WCS 6.0 ACS 5.1

"If you move this rule up it will work. I got around having to move it by excluding WCS as I stated in my earlier post"

Hey kmcsweeg,

I got TACACS on WLC to work but only by moving it up to the top. However, when I do this it breaks TACACS for my switches, firewalls, etc. Can you elaborate on how you got it to work by "excluding the WCS"?

Thanks,

Eoin.

Re: WCS 6.0 ACS 5.1

I had this same issue with WCS 6.0.181.0 and ACS 5.1.0.44.3. I added task41=Virtual Domain Management but had to leave it there for Lobby access to work.

Is there a Cisco Bug id for this?

Re: WCS 6.0 ACS 5.1

So WCS 7.0.164.0 has been out a while. Have there been any improvements for using WCS 7.x with ACS 5.2? Or do I still need to set up all these taskx= in the ACS server?

Re: WCS 6.0 ACS 5.1

CSCsy77385  TACACS and RADIUS custom attribute for Virtual Domain not documented

CSCtc20592  AW: TACACS AAA failing, TACACS users not in Virtual Domain
Documentation does not detail how to add a TACACS+ user into the virtual domain.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.sh

Community Member

Re: WCS 6.0 ACS 5.1

Hi,

Do we have to write task0...n one by one? It takes quite a lot of time.

Or can we just copy and paste, like in ACS 4.x?
