Q: TACASCS management authentication fails when we try to move to enable mode in MRV Console servers. Why does that happen?
A: CLI authentication works normally. However when we try to login to the enable mode in CLI, that triggers another authentication which results in a failure. We can observe following message in the Alerts Tab, "Unsupported Tacacs parameter in request".
This happens because the TACACS+ authentication request triggered when we try to move to enable mode lacks "authen_type" parameter.
Enable Requests
authen_type = not used
Current CPPM version will reject request if 'authen_type' is not specified for ENABLE requests, however as per RFC, Clearpass is supposed to proceed by treating request as ASCII.
Changes will be made to use default AUTHEN_TYPE as ASCII instead of rejecting the enable request in an upcoming CPPM 6.6.x patch (tentatively 6.6.4). Please validate the release by checking for Bug ID # 36879 in the Issues Fixed section for the upcoming 6.6.x patch release notes.