FortiAuthenticator provides access management and single sign on.
Article Id 232216
Description This article describe how to configure FortiAuthenticator as TACACS+ server for Cisco Wireless Controller (Cisco WLC)

FortiAuthenticator, Cisco WLC.


Refer to this document guide to configure TACACS+ on FortiAuthenticator:


If that guide is followed, it will work for Cisco Switches/Routers, but for Cisco WLC, additional configuration on FortiAuthenticator side are needed.


1) Configure new TACACS+ Authorization Services for Cisco WLC:


cisco wlc1.png

 cisco wlc2.png


- The highlighted value is mandatory.

- The service name must be 'ciscowlc'.

- The attribute value is 'ALL', for read/write admin role.


If this will be used for another admin role, it might be necessary to change it to another value depending on what Cisco WLC expected.


2) Assign the new service to the TACACS+ Authorization rule.


cisco wlc3.png


cisco wlc4.png


3) Then assign this rule to the user/user group.


cisco wlc5.png