Occasional Contributor I

CPPM TACACS+ for Authenticating Silver Peak Admins

Hello all,

 

I am trying to set up TACACS on Silver Peak appliances, but it doesn't look like it's working properly. I keep getting the following authorization error (see attached screenshot). I have created and imported the below dictionary file. Silver Peak has detailed documentation on how to set up TACACS on Cisco ACS but none for ClearPass. Has anyone done this on ClearPass?

 

https://www.silver-peak.com/sites/default/files/userdocs/cisco_acs_5-5_tacacs-for-gms_reva_march2016.pdf

Capture11.PNG

Capture111.PNG

Guru Elite

Re: CPPM TACACS+ for Authenticating Silver Peak Admins

Please post the dictionary you're attempting to use.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: CPPM TACACS+ for Authenticating Silver Peak Admins

Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip? 

 

That did not work, still trying to get a dictionary going

 

I take it back, it did work. Partially. I can assign the correct role, admin or monitor; however, if no role is assigned (you log in with a user who should be denied), it works. Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only.

 

Here is the TACACS Dictionary: 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
<TacacsServiceDictionaries>
<TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
<ServiceAttribute dataType="String" dispName="role" name="role"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>

 

In your enforcement policy, the role is either 'admin' or 'monitor'.

 

_ELiasz

 

-------------------
ACDX, ACCP, CISSP, CWNA
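
A pre-import check for the dictionary posted above and for the role values an enforcement policy would return, as an added example that is not part of the original posts and not Aruba or Silver Peak tooling. The rule tuples and their names are a hypothetical representation constructed for this example, not a ClearPass export format, and matching the service on the exact `name` value is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://www.avendasys.com/tipsapiDefs/1.0"}
ALLOWED_ROLES = {"admin", "monitor"}  # the two role values named in the thread

# The dictionary posted above, embedded so the check runs offline.
DICTIONARY_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
<TacacsServiceDictionaries>
<TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
<ServiceAttribute dataType="String" dispName="role" name="role"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>"""

# Constructed sample: (rule name, service, attributes returned). Hypothetical
# representation for this example, not a ClearPass export format.
SAMPLE_RULES = [
    ("net-admins", "silverpeak:ip", {"role": "admin"}),
    ("noc-readonly", "silverpeak:ip", {"role": "monitor"}),
    ("helpdesk", "silverpeak:ip", {"role": "Admin"}),
    ("everyone-else", "silverpeak:ip", {}),
]

def load_dictionary(xml_bytes):
    """Return {service name: {attribute name: dataType}} from a dictionary export."""
    root = ET.fromstring(xml_bytes)
    return {
        svc.get("name"): {a.get("name"): a.get("dataType")
                          for a in svc.iterfind("t:ServiceAttribute", NS)}
        for svc in root.iterfind(".//t:TacacsServiceDictionary", NS)
    }

def lint_rules(services, rules):
    """Return (rule, problem) pairs for rules that would send a bad or missing role."""
    findings = []
    for name, service, attrs in rules:
        known = services.get(service)
        if known is None:
            findings.append((name, f"service {service!r} not in dictionary"))
            continue
        findings += [(name, f"attribute {a!r} not in dictionary") for a in attrs if a not in known]
        role = attrs.get("role")
        if role is None:
            findings.append((name, "no role returned"))
        elif role not in ALLOWED_ROLES:
            findings.append((name, f"role {role!r} is not 'admin' or 'monitor'"))
    return findings
```

The "no role returned" finding marks the case described in the post above, where a user who should be denied can still log in, so any rule it flags is worth testing against the appliance with Authorization source set to Remote Only.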