TACASCS management authentication fails when we try to move to enable mode in MRV Console servers. Why does that happen?
CLI authentication works normally. However when we try to login to the enable mode in CLI, that triggers another authentication which results in a failure. We can observe following message in the Alerts Tab, "Unsupported Tacacs parameter in request".
This happens because the TACACS+ authentication request triggered when we try to move to enable mode lacks "authen_type" parameter.
authen_type = not used
Current CPPM version will reject request if 'authen_type' is not specified for ENABLE requests, however as per RFC, Clearpass is supposed to proceed by treating request as ASCII.
Changes will be made to use default AUTHEN_TYPE as ASCII instead of rejecting the enable request in an upcoming CPPM 6.6.x patch (tentatively 6.6.4). Please validate the release by checking for Bug ID # 36879 in the Issues Fixed section for the upcoming 6.6.x patch release notes.