TACACS authentication for Gigamon GigaVUE-2404 switch
Problem:

Unable to authenticate Gigamon GigaVUE 2404 switches via TACACS



Diagnostics:

This applies only to Gigamon GigaVUE-2404 switches running versions lower than 8.6.11.

These switches expect TAC_PLUS_AUTHOR_STATUS_PASS to be returned as 0x02 rather than 0x01.

 



Solution:

By default, when any NAD is authenticated against ClearPass via TACACS, ClearPass returns the authorization status value as 0x01.

 

 

A Gigamon GigaVUE-2404 switch running a version lower than 8.6.11 expects the authorization status value to be returned as 0x02 instead of 0x01, in addition to priv-lvl=10.

We can achieve this by modifying the TACACS enforcement profile and configuring the Authorize Attribute Status as REPLACE instead of ADD.

 

Figure: pcap after modifying the TACACS enforcement profile.
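To check the returned status in a capture, the reply body first has to be de-obfuscated with the shared secret, because the status byte is not readable on the wire. The Python below is an added example, not part of the original article or of any Aruba or Gigamon tooling. It follows the packet layout in the referenced draft, and the shared secret, session id and both sample packets are constructed.

```python
import hashlib
import struct

# Authorization status values defined in the TACACS+ draft this page references.
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}
TAC_PLUS_AUTHOR = 0x02            # header "type" value for authorization
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body sent without obfuscation

def obfuscate(body, session_id, key, version, seq_no):
    """XOR body with the MD5-chained pseudo-pad; the same call reverses it."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def build_author_reply(status, args, session_id, key, seq_no=2, version=0xC0):
    """Build an obfuscated authorization REPLY; used only to make sample data."""
    body = struct.pack("!BBHH", status, len(args), 0, 0)  # no server_msg, no data
    body += bytes(len(a) for a in args) + b"".join(args)
    hdr = struct.pack("!BBBB4sI", version, TAC_PLUS_AUTHOR, seq_no, 0, session_id, len(body))
    return hdr + obfuscate(body, session_id, key, version, seq_no)

def parse_author_reply(packet, key):
    """Return (status_name, [args]) from one raw authorization REPLY packet."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", packet[:12])
    if ptype != TAC_PLUS_AUTHOR or seq_no % 2 or len(packet) != 12 + length:
        raise ValueError("not a complete TACACS+ authorization reply")
    body = packet[12:]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len  # skip arg lengths, server_msg, data
    if pos + sum(arg_lens) != length:
        raise ValueError("length mismatch: wrong shared secret or corrupt packet")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return AUTHOR_STATUS.get(status, hex(status)), args

# Constructed sample data: the shared secret and session id are made up.
KEY = b"example-secret"
SID = bytes.fromhex("1a2b3c4d")
default_reply = build_author_reply(0x01, [b"priv-lvl=10"], SID, KEY)
replace_reply = build_author_reply(0x02, [b"priv-lvl=10"], SID, KEY)
```

Both sample replies carry the same priv-lvl=10 argument and differ only in the first body byte, which is the status value the affected switch versions check.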

 

 

Reference IETF URL: https://tools.ietf.org/html/draft-grant-tacacs-02 

Version History: Revision 2 of 2
Last update: 10-07-2016 10:14 AM