Occasional Contributor II

HP TACACS+ with ClearPass

I'm setting up TACACS+ with HP ProCurve switches and it's working just fine; however, we are looking for a way to send the privilege level and bypass having to enter an enable password?

 

We are able to send the privilege level, no problem. I've been unable to find a way to send a command back or a way to perform the enable bypass.

 

Thank you for your help

Andy Clelland

Structured Communication Systems, Inc. 

Guru Elite

Re: HP TACACS+ with ClearPass

Do you have "shell priv-lvl 15"?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: HP TACACS+ with ClearPass

I do; however, the enable password is still required. There is a Manager user configured, but if we remove that, you still have to type in enable to get to the enable mode. We are looking to pass that on and, if you are given privilege level 15, just go directly into enable mode.

Regards,
Andy Clelland
ACMP, ACCP
Structured Communication Systems, Inc
Guru Elite

Re: HP TACACS+ with ClearPass

Can you post your HP tacacs config?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: HP TACACS+ with ClearPass

I'll post the config a little later today.

 

I may have found what I'm looking for. Has anyone tried this?

Creating a Named List for the Enable Mode Authentication

To create a named list for the enable mode, you must determine the authentication methods you want to use and the order in which you want the authentication methods applied. From the global configuration mode context, enter:

Syntax: aaa authentication enable default {none | line | enable | [group <groupname> | radius | tacacs+]} 

 

Regards,

Andy Clelland

Structured Communications
