Hi all - I was working on WLC Tacacs Admin access tonight and hit something I can't explain yet, hoping someone can shed light. I followed the normal steps for the policy (role1, ALL), and under the Access Policy I included "Authentication Method" for one of the conditions that needed to be matched. As I would in Radius, I set the "Authentication Method" to "PAP_ASCII".
When I attempt to login to the WLC, the gui login window keeps returning telling me something has failed. Interestingly, I go to ACS and see I have a perfect match and auth has succeeded. After troubleshooting for a while, I eventually removed "Authentication Method" as one of the conditions – which resulted in authentication immediately succeeding on not just ACS but also WLC. I'm confused now on two fronts (not uncommon ;) First, why did ACS show everything successful when the WLC was obviously not on the same page? Second, why did removing Auth Method as a condition cause WLC to suddenly start accepting the auth? Thanks - Jay Killion, CCIE #17873 R/S
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
