Problem: Unable to authenticate Gigamon GigaVUE 2404 switches via TACACS
Diagnostics: This applies only to Gigamon GigaVUE-2404 switches with versions lower than 8.6.11.
Gigamon 2404 switches running a version lower than 8.6.11 expect TAC_PLUS_AUTHOR_STATUS_PASS to be returned as 0x02 rather than 0x01.
Solution: By default, when any NAD device authenticates against ClearPass via TACACS, ClearPass returns the authorization status value as 0x01, as shown below:
A Gigamon GigaVUE 2404 switch with a version lower than 8.6.11 expects the authorization status value to be returned as 0x02 instead of 0x01, in addition to priv-lvl=10.
We can achieve this by modifying the TACACS enforcement profile and setting the Authorize Attribute Status to REPLACE instead of ADD, as shown below:
Below is the pcap after modifying the TACACS enforcement profile.
Reference IETF URL: https://tools.ietf.org/html/draft-grant-tacacs-02
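
To check the status byte in your own capture of the authorization reply, the following added example (not part of the original article, and not ClearPass or Gigamon code) de-obfuscates a TACACS+ authorization REPLY with the shared secret, using the header layout and MD5 pad described in the referenced draft, and reports whether the server answered 0x01 (PASS_ADD) or 0x02 (PASS_REPL). The shared secret, session ID and sample packet are constructed for illustration.

```python
import hashlib
import struct

AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}  # names from the TACACS+ draft
TAC_PLUS_AUTHOR = 0x02             # header type: authorization
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag: body sent in the clear

def xor_pad(body, session_id, key, version, seq_no):
    """XOR body with the draft's MD5 pad (the operation is its own inverse)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()  # MD5_n chains MD5_(n-1)
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_author_reply(packet, key):
    """Return (status name, attribute-value pairs) of one authorization REPLY."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBB4sI", packet[:12])
    body = packet[12:]
    # Server replies carry even sequence numbers; length must match the header.
    if ptype != TAC_PLUS_AUTHOR or seq_no % 2 or len(body) != length:
        raise ValueError("not a complete TACACS+ authorization REPLY")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_pad(body, session_id, key, version, seq_no)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    off = 6 + arg_cnt + msg_len + data_len   # skip server_msg and data
    if status not in AUTHOR_STATUS or off + sum(arg_lens) != len(body):
        raise ValueError("body does not parse: wrong shared secret?")
    args = []
    for n in arg_lens:
        args.append(body[off:off + n].decode("ascii"))
        off += n
    return AUTHOR_STATUS[status], args

def build_sample_reply(status, args, key):
    """Constructed test packet (not a capture from the article)."""
    body = struct.pack("!BBHH", status, len(args), 0, 0)
    body += bytes(len(a) for a in args) + "".join(args).encode("ascii")
    sid = bytes.fromhex("1a2b3c4d")                  # constructed session ID
    header = struct.pack("!BBBB4sI", 0xC0, TAC_PLUS_AUTHOR, 2, 0, sid, len(body))
    return header + xor_pad(body, sid, key, 0xC0, 2)

if __name__ == "__main__":
    KEY = b"example-secret"                          # constructed shared secret
    for code in (0x01, 0x02):
        print(parse_author_reply(build_sample_reply(code, ["priv-lvl=10"], KEY), KEY))
```

Pass `parse_author_reply` the TCP payload bytes of one authorization reply exported from the capture, together with the TACACS shared secret configured for the NAD.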