Hello,I'm trying to configure TACACS login using AD credentials to Cisco DNA Center using ClearPass, but struggling to get the correct syntax. In DNA Center's config it states -
"The value of the AAA attribute to be configured for authorization on AAA server would be in the format of "Role=role1". On ISE server, choose the cisco-av-pair attribute from cisco specific AAA attributes list. A sample configuration inside Authorization profile would look like "cisco-av-pair= Role=SUPER-ADMIN-ROLE".
An example configuration in the case of manually defining the AAA attribute would be "Cisco-AVPair=Role=SUPER-ADMIN-ROLE"."I've tried using the Shell service with cisco-av-pair attribute and various values including the role name of "SUPER-ADMIN-ROLE" and the role value of "Role=role2" and simply just "role2". None of these combinations seemed to work, so I created a new TACACS service called "Cisco-AVPair" to match the same from DNA Center with Role attribute and value of both role name and number, but neither of those appear to work either. Wondering if anybody set this up successfully or any suggestions on what I may be missing?Thanks in advance!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.