AAA, NAC, Guest Access & BYOD

 View Only
last person joined: one year ago 

Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect
Back to Library

TACACS Enabled authentication fails for Enable mode 

Nov 15, 2016 01:58 PM

Q:

TACASCS management authentication fails when we try to move to enable mode in MRV Console servers. Why does that happen?



A:

CLI authentication works normally. However when we try to login to the enable mode in CLI, that triggers another authentication which results in a failure. We can observe following message in the Alerts Tab, "Unsupported Tacacs parameter in request".

This happens because the TACACS+ authentication request triggered when we try to move to enable mode lacks "authen_type" parameter.

 Enable Requests

authen_type = not used

Current CPPM version will reject request if 'authen_type' is not specified for ENABLE requests, however as per RFC, Clearpass is supposed to proceed by treating request as ASCII. 

Changes will be made to use default AUTHEN_TYPE as ASCII instead of rejecting the enable request in an upcoming CPPM 6.6.x patch (tentatively 6.6.4). Please validate the release by checking for Bug ID # 36879 in the Issues Fixed section for the upcoming 6.6.x patch release notes.

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.