Hi All,
We would like to use our ClearPass server, connected to our AD, to do TACACS authentication for our Cisco switches and routers.
I have followed the guide here:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Configuring-TACACS-on-ClearPass-for-Cisco-switches/m-p/207431#M15726
But I have some questions:
1. Where should I define the Cisco switches' IP?
- enforcement service rule as I have done below
- or in the enforcement profile's device group list
2. In our Cisco switches, I have to configure a TACACS key, but I cannot find anywhere in the guide where it will be configured in our ClearPass.
3. We want to define in our ClearPass the list of AD IDs allowed to access the switches.
- Do I have to add one enforcement policy rule for each username?
- or any other way I can do it?
Configuration done in our ClearPass server:
Created Enforcement Profile
Created Enforcement Policy
Created Enforcement Policy Rule -> Authorization:XXX-AD:UserDN CONTAINS rowell
Created TACACS+ Enforcement Service
Added TACACS+ Enforcement Service Rule -> Connection NAD-IP-Address EQUALS x.x.x.x
Added Authentication Sources: XXX-AD
Added Enforcement Policy
Thanks and more power to all.