New Contributor
Posts: 3
Registered: ‎11-30-2015

Getting TACACS+ to work with Cisco ACS

I am trying to get my controllers to use my Cisco ACS (v 5.6.0.22) to allow admin login. I have the controller side of things configured with a matching password and defining the TACACS server as outlined below.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/TACACS-Session-Authorization/td-p/33536

 

I have the Aruba-Admin-Role=root and the device set, but the issue I am having is finding where on the ACS I set the matching rule for the part outlined below.

 

"The request will include two fields, which you'll need to configure on the TACACS server as a matching rule:

  service=aruba

  protocol=common"

 

Anyone have any experience with this product and can point me in the right direction?

 

Guru Elite
Posts: 19,953
Registered: ‎03-29-2007

Re: Getting TACACS+ to work with Cisco ACS

Quite frankly, all you need is a positive response from the TACACS server and the controller will let you in. Have you already accomplished that and you want to fine-tune the roles?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 3
Registered: ‎11-30-2015

Re: Getting TACACS+ to work with Cisco ACS

I seem to be having issues just getting the darn ACS to respond. I have added the TACACS server under the Security > Authentication > Servers tab. I have checked and double-checked that the keys are correct and tried both ports 49 and 4949. If I don't have to mess with all those other settings and I should be getting the default root group assigned to an approved connection, I am not sure what else I need to be doing.

Guru Elite
Posts: 19,953
Registered: ‎03-29-2007

Re: Getting TACACS+ to work with Cisco ACS

Here is a pic of the minimum parameters you need configured. Please ignore that a RADIUS server, NPS, is configured. You just need to have a TACACS server in its place in the server group.

radius.png

 

Colin Joseph
Aruba Customer Engineering

New Contributor
Posts: 3
Registered: ‎11-30-2015

Re: Getting TACACS+ to work with Cisco ACS

Thank you for the reply. I have the Aruba side configured and set up, and if I do a test from the diagnostic tab to the server I can see communications to the ACS. I am thinking I have something not configured correctly on the ACS. I added a custom attribute of Aruba-Admin-Role but it does not seem to work. Do I even need that, and if not, what common tasks do I need to add?

 

I guess what I am looking for is: what do I need to set on the ACS side to get it to work with Aruba equipment? Any guides online that I can look at?
