Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

how to configure a local user's privilege and use it to login with different priv

Hi guys, I need to create a local user in CPPM and use this user to log in to network devices with read-only rights.

Also, another local user needs full level 15 access.

How do I configure this on the control?

Where do I need to link the user with the different privileges?

 

Thank you

Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

Re: how to configure a local user's privilege and use it to login with different priv

I mean how do I configure this on ClearPass!

I have partially done the configuration on ClearPass, and I can use those two users to log in to network devices now.

 

Thank you!

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: how to configure a local user's privilege and use it to login with different priv

Are you saying read-only access to ClearPass or read-only access to network devices?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

Re: how to configure a local user's privilege and use it to login with different priv

Hi, jcoseph:

 

Thank you for your quick response!

I am using ClearPass for our network device login control through TACACS or RADIUS. It is not for ClearPass itself. It is for thousands of different network devices. We need to associate with AD, and we also need to create some users in the local user section of ClearPass and use them to log in to our network devices as a backup. But we need different privileges for those local users.

 

Thank you

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: how to configure a local user's privilege and use it to login with different priv

What type of devices? Do you already have regular TACACS login working for those devices through ClearPass local users?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

Re: how to configure a local user's privilege and use it to login with different priv

Mainly the types of devices are Cisco routers, switches, ASA and Avaya switches.

And I have already gotten those local users to log in to the devices.

Currently, for the TACACS service, the default profile is the TACACS deny profile.

And all of those local users have level 15 privilege, which we don't want to see. We want to separate them.

I know if we associate with AD, then AD can take this part; we just put the authorization value to match with AD.

But for those local users, I am stuck here.

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: how to configure a local user's privilege and use it to login with different priv

What is your enforcement profile for your privilege 15 users and what is your enforcement policy for your read-only users when you do AD authentication?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

Re: how to configure a local user's privilege and use it to login with different priv

For the AD part, I need to work with the servers team to classify the different groups, but I haven't gotten that far. Currently we only associate with AD. We use LAN ID to log in to the devices and get privilege 15 (including the members of my group). For read-only, honestly, I don't have time to work with the AD team. So far, this part is not done yet.

so far, every users has 15 lev

Occasional Contributor II
Posts: 14
Registered: ‎08-01-2016

Re: how to configure a local user's privilege and use it to login with different priv

I create two profiles for TACACS, one for level 15: shell pri-lvl=15

Another is for level 1: shell pri-lvl=15

 

In the service session, I create an enforcement policy:

authorization: AD member-of contains network admin (this value needs to be confirmed with the server team)

authorization: AD member-of contains Read-only-user

Here is the screenshot:

 

 
