Occasional Contributor II
Posts: 13
Registered: ‎07-23-2014

Clearpass TACACS - Authentication fail

Hi Guys,

I'm using the CPPM as a TACACS server, authenticating some different switch models.

I'm having a problem specifically with an HP (H3C) switch. When I try to access this switch with a username and password that are registered in the CPPM internal base, I receive the information from CPPM that the authentication was accepted, but the switch rejects the access.

I have no problem with the other switches (Cisco and Dell).

Is there something that I need to configure in the CPPM specifically for HP (H3C) switches?

Thanks in advance.

 

Leandro Surcin

Guru Elite
Posts: 8,339
Registered: ‎09-08-2010

Re: Clearpass TACACS - Authentication fail

You need to send back a privilege level of 15. Create a new enforcement profile and add it to your policy.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,339
Registered: ‎09-08-2010

Re: Clearpass TACACS - Authentication fail

HP ProCurve config:

 

aaa authentication login privilege-mode
aaa authentication ssh login tacacs local
aaa authentication ssh enable tacacs local
tacacs-server host 10.100.60.80 key Pr0Curve

 

ClearPass:

 

Enforcement profile:

tacacs-hp-procurve-enfprofile.JPG

 

 

 

Enforcement policy:

 

tacacs-hp-procurve-enfpolicy.JPG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
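
Added example, not part of the original thread and not ClearPass or switch code: when the server logs an accept but the device still refuses the session, decoding the TACACS+ authorization REPLY (layout and MD5 obfuscation per RFC 8907) from a capture shows the status and the priv-lvl value the device actually received. The shared key, session id and sample packet below are constructed for illustration.

```python
import hashlib
import re
import struct

STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR"}

def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Apply or remove TACACS+ body obfuscation (RFC 8907); XOR is symmetric."""
    # MD5_1 = MD5(session_id, key, version, seq_no); MD5_n also appends MD5_(n-1)
    seed = header[4:8] + key + bytes([header[0], header[2]])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_author_reply(packet: bytes, key: bytes) -> dict:
    """Decode an authorization REPLY and return its status and AV pairs."""
    header, body = packet[:12], packet[12:]
    if len(header) < 12 or header[1] != 0x02:       # type 0x02 = authorization
        raise ValueError("not a TACACS+ authorization packet")
    if struct.unpack("!I", header[8:12])[0] != len(body) or len(body) < 6:
        raise ValueError("length field does not match body")
    if not header[3] & 0x01:                        # unencrypted flag is clear
        body = xor_body(header, body, key)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len
    if pos + sum(arg_lens) != len(body):
        raise ValueError("inconsistent lengths: wrong shared key or corrupt packet")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii"))
        pos += n
    # '=' marks a mandatory attribute, '*' an optional one
    avs = dict(re.split(r"[=*]", a, maxsplit=1) for a in args)
    lvl = avs.get("priv-lvl")
    return {"status": STATUS.get(status, hex(status)), "args": args,
            "priv_lvl": int(lvl) if lvl is not None else None}

def build_sample(key: bytes, priv_lvl: int) -> bytes:
    """Constructed sample packet: a PASS_ADD reply carrying one priv-lvl argument."""
    arg = f"priv-lvl={priv_lvl}".encode()
    body = struct.pack("!BBHH", 0x01, 1, 0, 0) + bytes([len(arg)]) + arg
    header = struct.pack("!BBBBII", 0xC0, 0x02, 2, 0x00, 0x1234ABCD, len(body))
    return header + xor_body(header, body, key)

if __name__ == "__main__":
    print(parse_author_reply(build_sample(b"example-key", 15), b"example-key"))
```

A length mismatch after deobfuscation usually means the key configured on the device and the key on the server differ.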
Occasional Contributor II
Posts: 13
Registered: ‎07-23-2014

Re: Clearpass TACACS - Authentication fail

Hi.

 

It's an HP 5120 switch model from H3C and I already configured the enforcement profile privilege level 15.

 

Do you have some other advice?

 

Tks.

MVP
Posts: 287
Registered: ‎11-04-2008

Re: Clearpass TACACS - Authentication fail

Have you set a super password?

 

[CS01]super password level 3 cipher ?
  STRING<1-53>  Ciphertext password string
[CS01]super password level 3 cipher yoursecretkey

Then, after you authenticate at level 0, type "super" to get to level 3:

<CS01>super
Please input the password to change the privilege level. Press CTRL_C to abort.
 Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

 

~Trinh Nguyen~
Boys Town