last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Cleapass shell role net-admin DCNM

  • 1.  Cleapass shell role net-admin DCNM

    Posted Dec 09, 2020 01:50 PM
    I want to use clearpass tacacs authentication for Cisco DCNM server. It says that tacacs have to return network-admin role. How this can be done in Clearpass?

    Petri Kemppainen

  • 2.  RE: Cleapass shell role net-admin DCNM

    Posted Dec 10, 2020 08:44 AM

    Do you have look to use like Cisco Switch for TACACS, return Shell:privilege level 15 ?

    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281

  • 3.  RE: Cleapass shell role net-admin DCNM

    Posted Dec 15, 2020 04:51 AM
    Did you see and test this suggestion? There is a screenshot on how to return the network-admin role in a TACACS+ enforcement profile.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

  • 4.  RE: Cleapass shell role net-admin DCNM

    Posted Dec 17, 2020 02:26 AM


    I got this work! 

    I have to make new tacacs dictionany shell:ip

    I export existing shell dictionary and modify that and import it back to tacacs dictionary

    then i modify enforcement profile and you can see right values from attached file, Cisco DCNM profile.

    Petri Kemppainen


  • 5.  RE: Cleapass shell role net-admin DCNM

    Posted Jan 18, 2021 02:59 PM
    Worked for me!


    Andres Perez