Occasional Contributor II
Posts: 94
Registered: ‎11-27-2014

Brocade AVP pair not being returned by CPPM

Hi,

 

Does anybody have any experience with Brocade NOS switches authenticating and authorising using Clearpass? We are attempting to do this but are struggling with the authorisation. We are using TACACS for this. We see the Brocade switch send both service=shell and brcd-role*, but despite being configured to return priv-lvl 15 and the brcd-role 'admin', the latter does not get returned, only the 'priv-lvl 15'. As the 'admin' role is not returned, the default 'user' role is assumed and the user cannot edit the switch configuration.

 

Just wondering if anybody else has experienced this and if they managed to get this working?

 

Thanks

Occasional Contributor II
Posts: 94
Registered: ‎11-27-2014

Re: Brocade AVP pair not being returned by CPPM

I found out that the asterisk (*) sent with the brcd-role indicates that this is an 'optional' parameter that Clearpass doesn't need to respond to. However, we have defined 'brcd-role' as a valid attribute with a configured string 'admin', but Clearpass is not sending this back to the switch. It is only sending back the priv-lvl 15?
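The separator rule mentioned in the post above, as an added example that is not part of the original thread and not Brocade or ClearPass code: TACACS+ authorization arguments are `name=value` (mandatory) or `name*value` (optional), so a captured reply can be parsed and compared with the configured profile. The argument lists are constructed samples modelled on the thread, and the function names are hypothetical.

```python
from typing import NamedTuple

class AVPair(NamedTuple):
    name: str
    value: str
    mandatory: bool  # True for '=', False for '*'

def parse_avpair(arg: str) -> AVPair:
    """Split one TACACS+ authorization argument at its first '=' or '*'."""
    positions = [i for i in (arg.find("="), arg.find("*")) if i != -1]
    if not positions:
        raise ValueError(f"no '=' or '*' separator in {arg!r}")
    sep = min(positions)  # the name cannot contain a separator; the value can
    if sep == 0:
        raise ValueError(f"empty attribute name in {arg!r}")
    return AVPair(arg[:sep], arg[sep + 1:], arg[sep] == "=")

def optional_requested(request_args):
    """Attribute names the client marked optional with '*'."""
    return [p.name for p in map(parse_avpair, request_args) if not p.mandatory]

def missing_from_reply(configured_args, observed_args):
    """Attributes configured on the server that the captured reply lacks."""
    seen = {parse_avpair(a).name for a in observed_args}
    return [p.name for p in map(parse_avpair, configured_args)
            if p.name not in seen]

def effective_role(reply_args, default="user"):
    """brcd-role from the reply, else the default role named in the thread."""
    for pair in map(parse_avpair, reply_args):
        if pair.name == "brcd-role" and pair.value:
            return pair.value
    return default

# Constructed sample arguments, not a real capture.
REQUEST = ["service=shell", "brcd-role*"]
CONFIGURED = ["priv-lvl=15", "brcd-role=admin"]  # what the profile should send
OBSERVED = ["priv-lvl=15"]                       # what was seen on the wire

if __name__ == "__main__":
    print("optional in request:", optional_requested(REQUEST))
    print("missing from reply: ", missing_from_reply(CONFIGURED, OBSERVED))
    print("role as observed:   ", effective_role(OBSERVED))
    print("role as configured: ", effective_role(CONFIGURED))
```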
