Security

Reply
Occasional Contributor II
Posts: 13
Registered: ‎03-09-2014

Clearpass as TACACS for Cisco WLC

I have configured Clearpass as TACACS for a Cisco WLC.  I have verified I'm hitting the correct profile.

 

Under that profile I am using the CiscoWLC:Common service to provide the name role1 with value of ALL.  The cisco is not liking the message its getting from clearpass and is classifying it as a Authentication failure.  Is there anything else I need to add or change?

 

profile attached.

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Clearpass as TACACS for Cisco WLC

There is no profile attached.

If its an auth error it usually isnt a profile issue. Can you attach the alert in access tracker
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 13
Registered: ‎03-09-2014

Re: Clearpass as TACACS for Cisco WLC

It actually shows it passes in Clearpass.  The WLC just isnt likeing the response for some reason.

Attaching images:  

wlc2.png

WLC.png

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Clearpass as TACACS for Cisco WLC

Even though it passes Auth sometimes there is still an alert in access tracker. I ran into the same thing yesterday with a juniper switch. I just wanted to make sure.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
New Contributor
Posts: 1
Registered: ‎02-10-2016

Re: Clearpass as TACACS for Cisco WLC

I am experiencing this issue trying to get my WLC to work with Clearpass for tacacs admin.

 

Any ideas?

Aruba Employee
Posts: 18
Registered: ‎04-28-2009

Re: Clearpass as TACACS for Cisco WLC

Have you tested with the Privilege level = 15 in the enforcement profile?

 

New Contributor
Posts: 3
Registered: ‎10-24-2016

Re: Clearpass as TACACS for Cisco WLC

I am having this issue too.  Yes I am using priv 15 as well.  session detail states:  ciscowlc:  Fail.    Auth Request Message on Alert tab:  Tacacs server=ciscowlc:common not enabled. 

New Contributor
Posts: 3
Registered: ‎10-24-2016

Re: Clearpass as TACACS for Cisco WLC

I found/fixed my problem. It was a config issue in my policy.

New Contributor
Posts: 1
Registered: ‎03-15-2017

Re: Clearpass as TACACS for Cisco WLC

 Hi Berg,

 

Can you please share on what was the issue on the policy? i am having the same problem too.

 

Regards

Aabarnam S

New Contributor
Posts: 3
Registered: ‎10-24-2016

Re: Clearpass as TACACS for Cisco WLC

I had to add priv 15 to my enforcement. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: