Skip to content

How to configure Tacacs+ on Cisco ACS 5.2 for CUWN (part 1 WLC )

November 28, 2012

Hi all, this is the first post for centralize authentication to all the CUWN appliance , under Cisco ACS 5.2

Part 1 : Configuring the WLC’s.

Log-in to your WLC and under the security tab > TACACS+ define the Authentication Servers, keep in mind that the default Server Timeout is 5, in our experience after all the configuration, everithing was fine, but we can’t access the WLC, so we finally discover that it’s mandatory increase the server timeout, like 10 seconds.

Part 2 : Configuring the CSACS.

Log-in to your CSACS and :

1. Define under > network device group > Device type : your infrastructure WLC – WCS – NCS – etcc..

2. Define under > Network device ad AAA Clients : your range or single ip address of your WLC and the authentication type TACACS+ in  this case, with the shared-secret.

3. Define under > Policy element > Device administration > Shell Profile the custom attribute for your WLC:  role1=ALL

ALL mean that you have access to all the tabs in the web-interface, kind of level15access ,you can customize as well like role1=WLAN then you have access only to that tab.

4. Define under > Access Policies > Access services a new-one (in this case, we didn’t select a group mapping ’cause we are going to authenticate against AD , then proceed as follow, once ready open the Monitoring and report > TACACS authentication today and test your AD credential via


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Networking tips

Wahl Network

Technical Solutions for Technical People