Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM TACACS+ for Authenticating Silver Peak Admins

  • 1.  CPPM TACACS+ for Authenticating Silver Peak Admins

    Posted Jun 19, 2017 05:57 PM

    Hello all,

     

    I am trying to set up TACACS on Silver Peak appliances but it doesn't look like it's working properly. I keep getting the following authorization error (see attached screenshot). I have created and imported the below dictionary file. Silverpeak has detailed documentation on how to set up TACACS on Cisco ACS but none for Clearpass. Has anyone done this on Clearpass?

     

    https://www.silver-peak.com/sites/default/files/userdocs/cisco_acs_5-5_tacacs-for-gms_reva_march2016.pdf

    Capture11.PNG

    Capture111.PNG



  • 2.  RE: CPPM TACACS+ for Authenticating Silver Peak Admins

    EMPLOYEE
    Posted Jun 28, 2017 06:53 PM
    Please post the dictionary you're attempting to use.


  • 3.  RE: CPPM TACACS+ for Authenticating Silver Peak Admins

    Posted Nov 21, 2017 10:49 AM

    Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip? 

     

    That did not work, still trying to get a dictionary going

     

    I take it back, it did work. Partially. I can assign the correct role, admin or monitor, however, if no role is assigned (you log in with a user who should be denied, it works). Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only.

     

    Here is the TACACS Dictionary: 

     

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
    <TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
    <TacacsServiceDictionaries>
    <TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
    <ServiceAttribute dataType="String" dispName="role" name="role"/>
    </TacacsServiceDictionary>
    </TacacsServiceDictionaries>
    </TipsContents>

     

    In your enforcement policy the role is either 'admin' or 'monitor'

     

    _ELiasz
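
Added example, not part of the original posts and not HPE Aruba or Silver Peak code: a Python check that a ClearPass TACACS+ dictionary export defines the `silverpeak:ip` service with a String `role` attribute, and that the role values planned for the enforcement profiles are exactly `admin` or `monitor`. The function names, the profile names in the sample call, and the exact-match rule are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://www.avendasys.com/tipsapiDefs/1.0"}
ALLOWED_ROLES = {"admin", "monitor"}  # the two values named in the post

# Copy of the dictionary posted above, embedded so the check runs offline.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
<TacacsServiceDictionaries>
<TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
<ServiceAttribute dataType="String" dispName="role" name="role"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>"""


def load_services(xml_bytes):
    """Map each service name to {attribute name: dataType}."""
    root = ET.fromstring(xml_bytes)
    path = "t:TacacsServiceDictionaries/t:TacacsServiceDictionary"
    return {
        svc.get("name", ""): {a.get("name"): a.get("dataType")
                              for a in svc.findall("t:ServiceAttribute", NS)}
        for svc in root.findall(path, NS)
    }


def check_dictionary(xml_bytes, service="silverpeak:ip", attribute="role"):
    """Return a list of problems; an empty list means the export looks right."""
    services = load_services(xml_bytes)
    if service not in services:
        return [f"service {service!r} missing; found {sorted(services)}"]
    if services[service].get(attribute) != "String":
        return [f"attribute {attribute!r} missing or not a String"]
    return []


def audit_roles(planned):
    """Return the {profile name: role value} entries that are not an allowed role.
    Exact, case-sensitive matching is an assumption made for this example."""
    return {name: role for name, role in planned.items()
            if role not in ALLOWED_ROLES}


if __name__ == "__main__":
    print(check_dictionary(SAMPLE))
    # Constructed, hypothetical enforcement profile names and role values.
    print(audit_roles({"sp-admin": "admin", "sp-ro": "Monitor", "sp-none": ""}))
```
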

     



  • 4.  RE: CPPM TACACS+ for Authenticating Silver Peak Admins

    Posted Sep 11, 2020 08:57 AM

    Thank You!!! For posting the SilverPeak enforcement profile Dictionary.  This post solved my issue.  The only thing I am doing differently is using Privilege Level 7 in my Services tab and I set the role to "admin".