Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
darisandy
Staff
Staff

Created on ‎12-04-2022 10:44 PM Edited on ‎02-05-2024 06:33 AM By Moderator

Article Id 232216

Technical Tip : TACACS+ Configuration for FortiAuthenticator and Cisco WLC

Description This article describe how to configure FortiAuthenticator as TACACS+ server for Cisco Wireless Controller (Cisco WLC)
Scope

FortiAuthenticator, Cisco WLC.
Solution

Refer to this document guide to configure TACACS+ on FortiAuthenticator:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/791531/tacacs-servi...

 

If that guide is followed, it will work for Cisco Switches/Routers, but for Cisco WLC, additional configuration on FortiAuthenticator side are needed.

 

1) Configure new TACACS+ Authorization Services for Cisco WLC:

 

cisco wlc1.png

 cisco wlc2.png

 

- The highlighted value is mandatory.

- The service name must be 'ciscowlc'.

- The attribute value is 'ALL', for read/write admin role.

 

If this will be used for another admin role, it might be necessary to change it to another value depending on what Cisco WLC expected.

 

2) Assign the new service to the TACACS+ Authorization rule.

 

cisco wlc3.png

 

cisco wlc4.png

 

3) Then assign this rule to the user/user group.

 

cisco wlc5.png
Labels:
3094
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.