Contributor II
Posts: 58
Registered: ‎08-19-2013

AAA authentication of CISCO NCS prime with Clearpass servers

Hello guys,

I'm trying to configure AAA in Cisco NCS Prime, which authenticates the AD user for its login.

I have already configured ClearPass as the TACACS server in Prime NCS with a shared secret, added Prime NCS as a network access device in ClearPass, and created a TACACS service in ClearPass which authenticates against AD.

Now my question is: what should be the enforcement profile pushed from ClearPass? We've many groups in NCS Prime, and each group has its own permissions and features.

I tried to add all the task lists in the ClearPass enforcement profile, as in the attached pic, but I can't access the features in Prime which are included in ClearPass!!! :(

Instead of sending 100 task lists per profile, is there a way to send the group name from ClearPass to NCS Prime?

Thanks,

Bharani..

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: AAA authentication of CISCO NCS prime with Clearpass servers

We added a library for NCS in 6.2.3. If you need it in your version, please see the attached file. Go to Administration --> Dictionaries --> TACACS and at the top right, import this file (no password).

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: AAA authentication of CISCO NCS prime with Clearpass servers

Here's the file! I forgot it. Unzip it first... then import.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
Contributor II
Posts: 58
Registered: ‎08-19-2013

Re: AAA authentication of CISCO NCS prime with Clearpass servers

Hello Seth,

Thanks for your reply. I have already edited this XML file as per our NCS Prime's attribute task list (around 170 task lists are present in a group in NCS Prime).

But what I can see is that I need to manually type in all the task lists in the ClearPass profile, right?

Instead of doing this, is there a way to send just a group name from ClearPass to NCS Prime? (Because that group in Prime will have all the task lists configured in it.)

Regards,

Bharani..

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: AAA authentication of CISCO NCS prime with Clearpass servers

I believe you can edit this dictionary and place those roles into the categories. Not an expert with Prime. I believe that's how ACS does it.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com