
TACACS authentication for Gigamon GigaVUE-2404 switch 

Oct 07, 2016 01:14 PM

Problem:

Unable to authenticate Gigamon GigaVUE 2404 switches via TACACS



Diagnostics:

This applies only to Gigamon GigaVUE-2404 switches running versions lower than 8.6.11.

 

Gigamon 2404 switches running versions lower than 8.6.11 expect TAC_PLUS_AUTHOR_STATUS_PASS to be returned as 0x02 rather than 0x01.

 



Solution:

By default, when any NAD authenticates against ClearPass via TACACS, ClearPass returns the authorization status value 0x01, as shown below:

 

 

A Gigamon GigaVUE 2404 switch running a version lower than 8.6.11 expects the authorization status value to be returned as 0x02 instead of 0x01, in addition to priv-lvl=10.

To achieve this, modify the TACACS enforcement profile and set the Authorize Attribute Status to REPLACE instead of ADD, as shown below:

 

Below is the pcap after modifying the TACACS enforcement profile.

 

 

Reference IETF URL: https://tools.ietf.org/html/draft-grant-tacacs-02 
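To confirm which status byte the server actually sends, the authorization REPLY can be decoded from a capture using the packet layout and MD5 pseudo-pad defined in the referenced draft. The following is an added example, not part of the original article or of any Aruba or Gigamon tooling; the function names, shared secret, session ID and sample packets are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_AUTHOR = 0x02            # header type: authorization
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}

def _xor_pad(header, key, body):
    """XOR body with the MD5 pseudo-pad: MD5(session_id, key, version, seq_no[, prev])."""
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(a ^ b for a, b in zip(body, pad))

def parse_author_reply(packet, key):
    """Return (status_name, status_byte, args) for one authorization REPLY."""
    header, body = packet[:12], packet[12:]
    if len(header) < 12 or header[1] != TAC_PLUS_AUTHOR:
        raise ValueError("not a TACACS+ authorization packet")
    if struct.unpack("!I", header[8:12])[0] != len(body) or len(body) < 6:
        raise ValueError("length field does not match body")
    if not header[3] & TAC_PLUS_UNENCRYPTED_FLAG:
        body = _xor_pad(header, key, body)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len
    if len(arg_lens) != arg_cnt or pos + sum(arg_lens) != len(body):
        raise ValueError("inconsistent lengths (wrong shared secret?)")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return AUTHOR_STATUS.get(status, "UNKNOWN"), status, args

def build_sample_reply(status, args, key, session_id=0x1A2B3C4D):
    """Constructed test packet (not a capture): version 0xc0, seq_no 2, obfuscated."""
    raw = [a.encode() for a in args]
    body = struct.pack("!BBHH", status, len(raw), 0, 0)
    body += bytes(len(a) for a in raw) + b"".join(raw)
    header = struct.pack("!BBBBII", 0xC0, TAC_PLUS_AUTHOR, 2, 0, session_id, len(body))
    return header + _xor_pad(header, key, body)

if __name__ == "__main__":
    key = b"constructed-secret"  # placeholder shared secret
    for st in (0x01, 0x02):      # default (ADD) vs. REPLACE profile
        print(parse_author_reply(build_sample_reply(st, ["priv-lvl=10"], key), key))
```

With the default profile the decoded status is 0x01 (PASS_ADD); after switching the profile to REPLACE it is 0x02 (PASS_REPL), with priv-lvl=10 carried as an argument in both cases.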
