09-28-2014 10:49 PM
And get an error in event viewer whenever a TACACS packet has been received.
Authentication failure: shared secret mismatch or bad tacacs packet from device=<snip>
The shared secret has been triple checked as correct. Clearpass is happily accepting RADIUS packets from these IAPs and also has other fully functioning TACACS services, so there doesn't appear to be any configuration issue, and the problem appear to be specific to the Instant AP which is running version 22.214.171.124. This error occurs regardless of whether the service is enabled or not, so it cannot be a service config issue.
Normally I would go to packet capture at this point but I don't think clearpass has this facility.
Anyone seen this before?
09-28-2014 10:55 PM
you can do a packet capture in the server manager. Make sure you have the correct vendor in the network device settings.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
09-28-2014 11:01 PM
Thanks Troy. Ouch, painful way to capture compared to cli but I'll give it a go.
The vendor is 'Aruba' even though this is Dell instant, no option for Dell