Cisco Cisco Wireless Control System Version 4.0 Troubleshooting Guide
Understanding RADIUS and TACACS+
Authentication on WCS
Authentication on WCS
Document ID: 99951
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
RADIUS Access−Accept Packets on WCS
Appendix A− Typical Access Accept from ACS
Related Information
Prerequisites
Requirements
Components Used
Conventions
RADIUS Access−Accept Packets on WCS
Appendix A− Typical Access Accept from ACS
Related Information
Introduction
This paper documents the RADIUS access−accept packet that is received at the Wireless Control System
(WCS) from the AAA server, and discusses troubleshooting tips for both RADIUS authentication and
TACACS+ authentication.
(WCS) from the AAA server, and discusses troubleshooting tips for both RADIUS authentication and
TACACS+ authentication.
Note: This document does not discuss how the WCS uses TomCat to authenticate users, but discusses the
RADIUS access−accept format and gives an example of a good access−accept response.
RADIUS access−accept format and gives an example of a good access−accept response.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Knowledge of WCS
•
Knowledge on Lightweight Access Point Protocol (LWAPP)
•
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
RADIUS Access−Accept Packets on WCS
When customers use a RADIUS or TACACS+ server to login to the WCS, the AAA server, after verifying
username and password, sends back an access−accept packet with a usergroup and a list of tasks that the user
can perform.
username and password, sends back an access−accept packet with a usergroup and a list of tasks that the user
can perform.
Note: The access−accept comes back as a fragmented packet because of the large number of tasks in some
user groups.
user groups.