- Auto Anchor SSID between Wireless LAN Controllers acting as MC
- Enabling Central Web Authentication on ISE
- Configuring Auto Anchor and Mobility Groups on Wireless Services
- Configuring Wireless Multicast on Wireless LAN Controllers
- Converged Access Consolidated Quick Reference Templates for Wireless LAN
- Converged Access Controller AP Join Issue Troubleshoot with Traces
- Converged Access Controllers MAC Address Entry for Network Mobility Service Protocol
- Configuration Example: Converged Access Management through Prime Infrastructure with SNMP v2 and v3
- Converged Access Path Maximum Transmission Unit Discovery
- Third-Party Certificate Installation on Converged Access Wireless LAN Controllers
- Configuration Example: Converged Access for WLC EAP-FAST with Internal RADIUS Server
- Converged Access and WLC Local EAP Authentication Configuration Example
- Configuration Example: Custom Web Authentication with Local Authentication
- Dynamic VLAN Assignment with Converged Access and ACS 5.2 Configuration Example
- Configuration Example: External RADIUS Server EAP Authentication
- External Web Authentication on Converged Access
- Installing Wireless Services
- Local Web Authentication with External RADIUS Authentication
- Local Web Authentication on Converged Access
- PEAP Authentication with Microsoft NPS Configuration
- QoS on Converged Access Controllers and Lightweight Access Points
- Configuration Example: TACACS Administrator Access to Converged Access Wireless LAN Controllers
- Configuration Example: Unified Access WLC Guest Anchor with Converged Access
- VideoStream Troubleshooting
- Custom Web Authentication Locally Hosted on WLC or an External Server
- Wireless Converged Access Chromecast Configuration Example
- Web Passthrough Configuration Example
- Configuration Examples: WPA2-PSK and Open Authentication
- Network Diagram for TACACS Administrator Access
- Configuring TACACS Administrator Access to the Converged Access WLCs
- Configuring TACACS Administrator Access to Converged Access WLCs
- Verifying TACACS Administrator Access to the Converged Access WLC
- Troubleshooting TACACS Administrator Access to the Converged Access WLC
Configuration Example: TACACS Administrator Access to Converged Access Wireless LAN
Controllers
This document provides a configuration example for Terminal Access Controller Access Control System Plus (TACACS+) in a Cisco Catalyst 3850 Series, and Cisco Catalyst 3650 Series Switches for CLI and GUI. This document also provides basic tips to troubleshoot the configuration.
TACACS+ is a client and server protocol that provides centralized security for users who attempt to gain management access to a router or network access server. TACACS+ provides the following Authentication, Authorization, and Accounting (AAA) services:
- Network Diagram for TACACS Administrator Access
- Configuring TACACS Administrator Access to the Converged Access WLCs
- Configuring TACACS Administrator Access to Converged Access WLCs
- Verifying TACACS Administrator Access to the Converged Access WLC
- Troubleshooting TACACS Administrator Access to the Converged Access WLC
Network Diagram for TACACS Administrator Access
The following figure displays the network diagram for TACACS Administrator Access:
Configuring TACACS Administrator Access to the Converged Access WLCs
Configuring TACACS Administrator Access to the Converged Access WLCs includes the following two steps:
Configuring TACACS Administrator Access to Converged Access WLCs
Verifying TACACS Administrator Access to the Converged Access WLC
Confirm that your configuration works properly by perform the following steps:
Troubleshooting TACACS Administrator Access to the Converged Access WLC
Note | Refer to Important Information on before using debug commands
|
To troubleshoot your configuration, use the debug tacacs command.
debug tacacs
*May 14 23:11:06.396: TPLUS: Queuing AAA Authentication request 4775 for processing
*May 14 23:11:06.396: TPLUS(000012A7) login timer started 1020 sec timeout
*May 14 23:11:06.396: TPLUS: processing authentication continue request id 4775
*May 14 23:11:06.396: TPLUS: Authentication continue packet generated for 4775
*May 14 23:11:06.396: TPLUS(000012A7)/0/WRITE/962571D4: Started 10 sec timeout
*May 14 23:11:06.396: TPLUS(000012A7)/0/WRITE: wrote entire 25 bytes request
*May 14 23:11:06.398: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:06.398: TPLUS(000012A7)/0/READ: read entire 12 header bytes (expect
16 bytes data)
*May 14 23:11:06.398: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:06.398: TPLUS(000012A7)/0/READ: read entire 28 bytes response
*May 14 23:11:06.398: TPLUS(000012A7)/0/962571D4: Processing the reply packet
*May 14 23:11:06.398: TPLUS: Received authen response status GET_PASSWORD (8)
*May 14 23:11:08.680: TPLUS: Queuing AAA Authentication request 4775 for processing
*May 14 23:11:08.680: TPLUS(000012A7) login timer started 1020 sec timeout
*May 14 23:11:08.680: TPLUS: processing authentication continue request id 4775
*May 14 23:11:08.680: TPLUS: Authentication continue packet generated for 4775
*May 14 23:11:08.680: TPLUS(000012A7)/0/WRITE/962571D4: Started 10 sec timeout
*May 14 23:11:08.680: TPLUS(000012A7)/0/WRITE: wrote entire 25 bytes request
*May 14 23:11:08.687: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:08.687: TPLUS(000012A7)/0/READ: read entire 12 header bytes (expect
6 bytes data)
*May 14 23:11:08.687: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:08.687: TPLUS(000012A7)/0/READ: read entire 18 bytes response
*May 14 23:11:08.687: TPLUS(000012A7)/0/962571D4: Processing the reply packet
*May 14 23:11:08.687: TPLUS: Received authen response status PASS (2)
*May 14 23:11:08.687: TPLUS: Queuing AAA Authorization request 4775 for processing
*May 14 23:11:08.687: TPLUS(000012A7) login timer started 1020 sec timeout
*May 14 23:11:08.687: TPLUS: processing authorization request id 4775
*May 14 23:11:08.687: TPLUS: Protocol set to None .....Skipping
*May 14 23:11:08.687: TPLUS: Sending AV service=shell
*May 14 23:11:08.687: TPLUS: Sending AV cmd*
*May 14 23:11:08.687: TPLUS: Authorization request created for 4775(surbg123)
*May 14 23:11:08.687: TPLUS: using previously set server 10.106.102.50 from
group SURBG_ACS
*May 14 23:11:08.688: TPLUS(000012A7)/0/NB_WAIT/93C63F04: Started 10 sec timeout
*May 14 23:11:08.690: TPLUS(000012A7)/0/NB_WAIT: socket event 2
*May 14 23:11:08.690: TPLUS(000012A7)/0/NB_WAIT: wrote entire 61 bytes request
*May 14 23:11:08.690: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:08.690: TPLUS(000012A7)/0/READ: Would block while reading
*May 14 23:11:08.696: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:08.696: TPLUS(000012A7)/0/READ: read entire 12 header bytes (expect
18 bytes data)
*May 14 23:11:08.696: TPLUS(000012A7)/0/READ: socket event 1
*May 14 23:11:08.696: TPLUS(000012A7)/0/READ: read entire 30 bytes response
*May 14 23:11:08.696: TPLUS(000012A7)/0/93C63F04: Processing the reply packet
*May 14 23:11:08.696: TPLUS: Processed AV priv-lvl=15
*May 14 23:11:08.696: TPLUS: received authorization response for 4775: PASS