AAA, NAC, Guest Access & BYOD

TACACS Enabled authentication fails for Enable mode

Aruba Employee
Q:

TACASCS management authentication fails when we try to move to enable mode in MRV Console servers. Why does that happen?



A:

CLI authentication works normally. However when we try to login to the enable mode in CLI, that triggers another authentication which results in a failure. We can observe following message in the Alerts Tab, "Unsupported Tacacs parameter in request".

This happens because the TACACS+ authentication request triggered when we try to move to enable mode lacks "authen_type" parameter.

 Enable Requests

authen_type = not used

Current CPPM version will reject request if 'authen_type' is not specified for ENABLE requests, however as per RFC, Clearpass is supposed to proceed by treating request as ASCII. 

Changes will be made to use default AUTHEN_TYPE as ASCII instead of rejecting the enable request in an upcoming CPPM 6.6.x patch (tentatively 6.6.4). Please validate the release by checking for Bug ID # 36879 in the Issues Fixed section for the upcoming 6.6.x patch release notes.

Version history
Revision #:
2 of 2
Last update:
‎11-15-2016 10:58 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: