Cisco Support Community
New Member

WISM2 not working with ACS?

Hi,

 

I have several WISM2 modules and I am trying to set them up for management using TACACS. 

I have configured my ACS server in the TACACS+ Authentication/Accounting/Authorization field and can confirm firewall policy is allowing communication through port 49. I set the priority order to TACACS>Local, but when I attempt to log onto the device with ACS credentials it fails to give me access to the GUI or CLI.

I can see in the ACS logs I am passing authentication to the device, but on the device itself I am getting authentication failed messages.

Is there some kind of bug in the 7.4 WISM2 code with ACS?

Has anyone else experienced this?

Thanks

5 REPLIES
Hall of Fame Super Silver

I have not seen issues with v7.4 and TACACS. I would make sure you're hitting the correct policy first. If ACS is being used by other services, it can be that it's hitting the wrong policy. Look at the log as it will show you the policy that is being hit and also why the auth is failing.
-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Just to add.... make sure you have the Shell Profile configured on ACS for the WLC.  This custom attribute should be:

role1=ALL

Scott

-Scott
*** Please rate helpful posts ***
New Member

Yep, I have a shell profile for WLCs exactly like that :-)

New Member

I've just been going over logs for the WLC from syslog server and see the following when I attempt to authenticate...

Aug 20 10:19:22 1.1.1.1 MYWISM2: *emWeb: Aug 20 00:19:22.533: #LOG-3-Q_IND: tplus_db.c:1809 Tacacs server is not available for authentication, accounting and/or authorization[...It occurred 2 times.!]

Aug 20 10:19:22 1.1.1.1 MYWISM2: *tplusTransportThread: Aug 20 00:19:22.478: #AAA-3-SELECT_CALL_FAILURE: tplus_db.c:1809 Tacacs server is not available for authentication, accounting and/or authorization

Seems weird that it's reporting the Tacacs server is not available when I can see in said tacacs server's log that I'm passing authentication.
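A triage helper for the two WLC syslog lines quoted in the post above, as an added example that is not part of the original thread: it splits each line into receiver timestamp, device timestamp, task, facility-severity-mnemonic and message, folds the repeat counter, and reports the offset between the two timestamps, which has to be known before lining these events up against ACS log entries. The function names and the placeholder year (the syslog lines carry none) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the two WLC syslog lines quoted in the post above.
SAMPLE = [
    "Aug 20 10:19:22 1.1.1.1 MYWISM2: *emWeb: Aug 20 00:19:22.533: #LOG-3-Q_IND: tplus_db.c:1809 Tacacs server is not available for authentication, accounting and/or authorization[...It occurred 2 times.!]",
    "Aug 20 10:19:22 1.1.1.1 MYWISM2: *tplusTransportThread: Aug 20 00:19:22.478: #AAA-3-SELECT_CALL_FAILURE: tplus_db.c:1809 Tacacs server is not available for authentication, accounting and/or authorization",
]

# receiver time, source, hostname, *task, device time, #FACILITY-SEV-MNEMONIC, file:line, message
LINE_RE = re.compile(
    r"^(?P<rx>\w{3}\s+\d+\s[\d:]{8})\s(?P<src>\S+)\s(?P<host>\S+):\s"
    r"\*(?P<task>\w+):\s(?P<dev>\w{3}\s+\d+\s[\d:]{8})\.\d+:\s"
    r"#(?P<facility>[A-Z_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+):\s"
    r"(?P<origin>\S+:\d+)\s(?P<msg>.*)$"
)
REPEAT_RE = re.compile(r"\[\.\.\.It occurred (\d+) times\.!\]$")


def _ts(text, year):
    # Assumption: the caller supplies the year, since the log lines omit it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def parse_wlc_line(line, year=2000):
    """Return a dict of fields for one WLC syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    rep = REPEAT_RE.search(ev["msg"])
    ev["count"] = int(rep.group(1)) if rep else 1      # fold the repeat suffix
    ev["msg"] = REPEAT_RE.sub("", ev["msg"]).strip()
    ev["severity"] = int(ev["severity"])
    # Receiver clock minus device clock, in whole seconds.
    ev["skew_s"] = int((_ts(ev["rx"], year) - _ts(ev["dev"], year)).total_seconds())
    return ev


def tacacs_unavailable(lines, year=2000):
    """Keep only events where the WLC reports the TACACS+ server as unavailable."""
    events = (parse_wlc_line(l, year) for l in lines)
    return [e for e in events if e and "tacacs server is not available" in e["msg"].lower()]


if __name__ == "__main__":
    for e in tacacs_unavailable(SAMPLE):
        print(e["host"], e["task"], e["facility"], e["mnemonic"], e["count"], e["skew_s"])
```
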

 

 

New Member

Thanks for the quick reply Scott.

The problem is though.. it doesn't appear Auth is failing. From ACS logs I can see Authentication is successful, but the WLC thinks otherwise.
