TACACS+ Authorization on a WLC Using ACS
First, we create the TACACS+ authorization server on the WLC.
Make sure that TACACS+ is actually being used for authorization, which means an authorization server must be configured.
We do that by reordering the Priority Order of the Management User.
Make sure that TACACS+ is at the top.
If we save the configuration at this point and try to log in, the login fails: the WLC can connect to the ACS server, but no user has been configured there yet.
If the ACS server is NOT reachable, we can still log in with our local credentials.
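The same WLC-side settings can also be entered from the controller CLI. This is an added example, not part of the original post, using AireOS commands; the server index, the address 192.0.2.10, port 49 and the shared secret are placeholder assumptions.

```text
# Added example: AireOS WLC CLI equivalent of the GUI steps above.
# Placeholders (assumptions, not from the original post):
#   192.0.2.10       = IP address of the ACS server
#   <shared-secret>  = key that must match the AAA Client entry on the ACS
#   1                = server index, 49 = TACACS+ port

# TACACS+ authentication server
config tacacs auth add 1 192.0.2.10 49 ascii <shared-secret>

# TACACS+ authorization server (the server this post creates)
config tacacs athr add 1 192.0.2.10 49 ascii <shared-secret>

# Management user priority order: TACACS+ first, local second
config aaa auth mgmt tacacs local

# Verify the server entries and the management authentication order
show tacacs summary
show aaa auth
```

Keep the current admin session open while testing a new login, because a reachable ACS with no matching user rejects the attempt.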
On the ACS server, we configure an AAA Client with the IP address of the WLC and select TACACS+ (Cisco IOS).
We configure the service ciscowlc and the protocol common.
The attributes can be:
If you have enabled Passed Authentication logging, you can see in the log that everything is successful.
It may also be wise to create on the ACS the same admin user that you use locally on the WLC. That way you can always use the same account name, with or without the ACS.