TACACS Enabled authentication fails for Enable mode


TACASCS management authentication fails when we try to move to enable mode in MRV Console servers. Why does that happen?


CLI authentication works normally. However when we try to login to the enable mode in CLI, that triggers another authentication which results in a failure. We can observe following message in the Alerts Tab, "Unsupported Tacacs parameter in request".

This happens because the TACACS+ authentication request triggered when we try to move to enable mode lacks "authen_type" parameter.

 Enable Requests

authen_type = not used

Current CPPM version will reject request if 'authen_type' is not specified for ENABLE requests, however as per RFC, Clearpass is supposed to proceed by treating request as ASCII. 

Changes will be made to use default AUTHEN_TYPE as ASCII instead of rejecting the enable request in an upcoming CPPM 6.6.x patch (tentatively 6.6.4). Please validate the release by checking for Bug ID # 36879 in the Issues Fixed section for the upcoming 6.6.x patch release notes.

Version history
Revision #:
2 of 2
Last update:
‎11-15-2016 10:58 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: