Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC authentication issue to ACS

When I web browse to a WLC I enter my username and password. However it keeps propting me as though the login is incorrect. When I check the ACS server it is showing successful login attempts. Why would the ACS successfully authenticate but the WLC still stops me from accessing it?

6 REPLIES
New Member

Re: WLC authentication issue to ACS

This is the log from the WLC. On the ACS it says it has passed. I have altered to the username field below.

*Jan 13 02:27:09.532: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2092 Login failed. User:Johnsmith. Service-Type is not present or it doesn't allow READ/WRITE permission..

New Member

Re: WLC authentication issue to ACS

Hi Danhosking,

You need to set roles for the user in the ACS. Read this document under "Configure TACACS+ on the ACS":

http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52sol.html#wp1422107

After thats done, you should be able to login to the WLC.

Good luck!

Johan

New Member

Re: WLC authentication issue to ACS

Hi,

The roll has been set for Admin with no luck. I raised a TAC case and it seems the WCS and WLC are casuing a conflict when they are both set up to authenticat management users to the ACS. If just the WLC and ACS are configured it works, or just he WCS and ACS it works but not both. I will update when I have a work around.

New Member

Re: WLC authentication issue to ACS

Hi,

I didn't know about that issue you describe. A workaround could be to use Radius in WCS and TACACS+ for WLC. That should work.

Hall of Fame Super Silver

Re: WLC authentication issue to ACS

The problem is that in ACS you can only specify one device to either use radius or tacacs. So if you are authenticating users in the wlc to use that ACS server, then you can't setup tacacs also. You need to setup the wlc to use radius.

-Scott
*** Please rate helpful posts ***
New Member

Re: WLC authentication issue to ACS

For anyone searching for this, check the RADIUS shared key. Try something small and easy.

We found that having a complex key often causes problems. Test with test. 

883
Views
0
Helpful
6
Replies