Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Controlling access to Mobility Master via CPPM TACACS service

This thread has been viewed 19 times

  • 1.  Controlling access to Mobility Master via CPPM TACACS service

    Posted May 03, 2018 09:02 AM

    Hi All,

     

    Having some trouble configuring our Mobility Master to do TACACS via CPPM.  Have created a new server-group on the MM and can point it back to CPPM for root logons however when accessing via an read-only account (we are sending back aruba-admin-role read-only) we can not login and see the following error in Access Tracker.

     

    Requested priv_level= greater than Max Allowed priv_level=

     

    Any ideas, hopefully this isn't like with the iAPs where we cannot have read-only access via TACACS.

     

    Thanks,

    Matt.



  • 2.  RE: Controlling access to Mobility Master via CPPM TACACS service

    EMPLOYEE
    Posted May 03, 2018 10:52 AM

    Do you have Session Authorization enabled in the server definition on the MM side?



  • 3.  RE: Controlling access to Mobility Master via CPPM TACACS service

    Posted May 08, 2018 08:42 AM

    Hi Tim,

     

    No I don't believe we did, do we need to enable it?

     

    Thanks,

    Matt



  • 4.  RE: Controlling access to Mobility Master via CPPM TACACS service

    EMPLOYEE
    Posted May 08, 2018 08:53 AM

    Yes



  • 5.  RE: Controlling access to Mobility Master via CPPM TACACS service

    Posted Oct 12, 2023 10:07 AM
      |   view attached

    I'm also trying to accomplish the same thing, I've enabled "session authorization" on the mobility master, but still get "Requested priv_level= greater than Max Allowed priv_level=


    Original Message