Hi all - I wasted a bunch of time this morning on a stupid mistake. Long story short, I added ACS to my WLC for TACACS authentication but forgot to add it also for authorization. I grew increasingly frustrated as I focused my troubleshooting on ACS and could see that my authentication attempts were showing in ACS logs as successful. After beating my head against the wall for a while, I finally started again from scratch and realized what I had wrong.
Here's my question though – is there any other way to see I would have forgotten this other than looking at the controller config? What I mean is, had I forgotten to add ACS to the controller at all then it would have been evident since ACS logs wouldn't have shown any requests. Had I misconfigured a password, username, role, etc., I would have seen something in the ACS logs as well that would have pointed me in the right direction. Is there anything specific I could have seen in ACS that would have pointed out my omission of TACACS authorization on the WLC? Of course, I now know that if all looks like it's succeeding on ACS then that's my sign to check, but curious if there's anything that would have been more specific in pointing me to lack of authorization support.

Thanks - Jay Killion, CCIE #17873 R/S
