RSSO - Cisco WLC

Author
dwysocki@elginisd.net
2018/09/01 15:49:30 (permalink)

RSSO - Cisco WLC

We are trying to set up RSSO with our Cisco WLC.

We are sending the RADIUS accounting traffic to the FortiGate.

We are seeing the user_names in the logs but the groups are not showing.

Our users connect to the Cisco WLC and are authenticated with the Cisco ACS.
I have configured the ACS to send the WLC the correct class attribute, however we are seeing two class attributes come from the WLC.
 
61,07:45:16,"10.80.0.254""*****blanked out username****","allow","no log","wifi-staff+CACS:ACS1/311035611/31113113",1,No
 
ACS1 is the name of our Cisco ACS RADIUS server.
I have also tried sending the accounting traffic from our WLC to NPS and then to the FortiGate.
 
Same issue.
Is it possible to use a wildcard in the sso-attribute-value?
 
config user radius
edit "RSSO Agent"
set rsso enable
set rsso-radius-response enable
set rsso-validate-request-secret enable
set rsso-secret ENC 
set rsso-endpoint-attribute User-Name
next
end
 
config user group
edit "RSSO-Wifi-Students"
set group-type rsso
set sso-attribute-value "wifi-students"
next
edit "RSSO-Wifi-Staff"
set group-type rsso
set sso-attribute-value "wifi-staff*"
next
edit "RSSO-Wifi-PHS-Students"
set group-type rsso
set sso-attribute-value "wifi-phs-students"
next
end


#1


    pami
    Re: RSSO - Cisco WLC 2018/09/03 03:51:52 (permalink)
    Hi,
    No wildcards, class needs to match the string defined for the rsso-group exactly.
    #2
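Added example, not part of the thread and not Fortinet or Cisco code: a small Python parser that lists every Class attribute (type 25) in a RADIUS Accounting-Request and applies the exact-string comparison described in the reply above, so you can see which value the NAS actually sends. The packet is constructed; the user name, the split of the logged value into two Class attributes, the "+" join (copied from the log line in the first post), and the group value "wifi-staff" without the asterisk are assumptions.

```python
import struct

CLASS, USER_NAME = 25, 1          # RADIUS attribute types (RFC 2865)
ACCOUNTING_REQUEST = 4            # RADIUS packet code (RFC 2866)

def attr(atype, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_sample():
    """Constructed Accounting-Request carrying two Class attributes."""
    body = (attr(USER_NAME, b"staffuser")            # constructed user name
            + attr(40, struct.pack("!I", 1))         # Acct-Status-Type = Start
            + attr(CLASS, b"wifi-staff")
            + attr(CLASS, b"CACS:ACS1/311035611/31113113"))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(body))
    return header + bytes(16) + body                 # zeroed authenticator (sample only)

def parse_attrs(packet):
    """Return [(type, value_bytes), ...]; reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    out, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        out.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return out

def class_values(packet):
    """All Class attribute values, in the order they appear in the packet."""
    return [v.decode("ascii", "replace") for t, v in parse_attrs(packet) if t == CLASS]

def exact_group_match(value, groups):
    """Exact string comparison only: no wildcard or prefix matching."""
    return [name for name, wanted in groups.items() if wanted == value]

# Hypothetical group table mirroring the names in the first post
GROUPS = {"RSSO-Wifi-Students": "wifi-students",
          "RSSO-Wifi-Staff": "wifi-staff",
          "RSSO-Wifi-PHS-Students": "wifi-phs-students"}
```

Comparing `"+".join(class_values(pkt))` against `GROUPS` returns no group, while the first Class value alone matches `RSSO-Wifi-Staff`.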
    ShawnZA
    Re: RSSO - Cisco WLC 2019/06/26 02:40:10 (permalink)
    Hi, I am also trying the same thing. How do you send the Accounting info from the ACS server to the FortiGate?
    #3