New Contributor
Posts: 1
Registered: ‎11-14-2016

ClearPass TACACS Accounting Not Working

Scenario:

When a user logs into a switch locally (off network) with local credentials, and then reconnects the switch to the network, the switch isn’t forcing the user to log in via TACACS credentials. It still allows the local user to run commands. It is the same switch TACACS configuration we were using with ACS.

 

Switch TACACS config:

aaa new-model

tacacs server CPPM-1
 address ipv4 1.1.1.1
 key 7 xxyyzz
tacacs server CPPM-2
 address ipv4 2.2.2.2
 key 7 xxyyzz

aaa authentication login default group CPPM-Servers local
aaa authentication enable default group CPPM-Servers enable

aaa authorization exec default group CPPM-Servers if-authenticated
aaa authorization config-commands
aaa authorization commands 1 default group CPPM-Servers if-authenticated
aaa authorization commands 15 default group CPPM-Servers if-authenticated

aaa accounting exec default start-stop group CPPM-Servers
aaa accounting commands 1 default start-stop group CPPM-Servers
aaa accounting commands 15 default start-stop group CPPM-Servers
aaa accounting update periodic 5

no tacacs-server directed-request
ip tacacs source-interface Loopback0

aaa group server tacacs+ CPPM-Servers
 server name CPPM-1
 server name CPPM-2
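
Added example, not part of the original post: a small Python parser that lists, for each default AAA method list in the config above, the ordered methods and any method that does not depend on the TACACS+ server group. It assumes Cisco IOS-style syntax; the function and variable names are illustrative.

```python
import re

# Constructed input: the AAA lines copied from the switch config in the post.
CONFIG = """\
aaa authentication login default group CPPM-Servers local
aaa authentication enable default group CPPM-Servers enable
aaa authorization exec default group CPPM-Servers if-authenticated
aaa authorization config-commands
aaa authorization commands 1 default group CPPM-Servers if-authenticated
aaa authorization commands 15 default group CPPM-Servers if-authenticated
aaa accounting exec default start-stop group CPPM-Servers
aaa accounting commands 1 default start-stop group CPPM-Servers
aaa accounting commands 15 default start-stop group CPPM-Servers
aaa accounting update periodic 5
"""

# aaa <function> <service> default <methods...>; only default lists are handled.
METHOD_LIST = re.compile(r"^aaa (authentication|authorization|accounting) (.+?) default (.+)$")
RECORD_TYPES = {"start-stop", "stop-only"}  # accounting record keywords, not methods

def audit(config):
    """Return (function, service, ordered methods, non-server fallbacks) per list."""
    rows = []
    for line in config.splitlines():
        m = METHOD_LIST.match(line.strip())
        if not m:
            continue  # e.g. 'aaa authorization config-commands' carries no method list
        function, service, rest = m.groups()
        # 'group <name>' is one method; every other keyword stands alone.
        methods = re.findall(r"group \S+|\S+", rest)
        if function == "accounting" and methods[0] in RECORD_TYPES:
            methods = methods[1:]
        # IOS tries a later method only when the earlier one returns an error
        # (for example no server answers), not when the server rejects.
        fallbacks = [x for x in methods if not x.startswith("group ")]
        rows.append((function, service, methods, fallbacks))
    return rows

if __name__ == "__main__":
    for function, service, methods, fallbacks in audit(CONFIG):
        note = f"falls back to: {', '.join(fallbacks)}" if fallbacks else "server group only"
        print(f"{function:14} {service:12} {' -> '.join(methods):36} {note}")
```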
