AOS-CX Switch Simulator


ARUBA CX Simulator Tacacs Integration doesn't Work

  • 1.  ARUBA CX Simulator Tacacs Integration doesn't Work

    Posted Oct 12, 2021 11:54 AM

    Dear All,


    I did some tests for future projects using GNS3 lab, here is the detail for the environment:


    1. GNS3 as Image orchestrator running on Virtual Box
    2. Aruba CX OVA simulator running on Virtual Box
    3. Tacacs GUI for TACACS+ Server running on Virtual Box
    4. Webterm as end device that will test SSH to Devices


    The topology is like this:


    The following are the commands that I ran on the ARUBA CX switch.


    ssh server vrf default
    tacacs-server key plaintext tacacs1234
    tacacs-server host vrf default
    aaa group server tacacs TACACS-GUI
    server vrf default
    aaa authentication login default group TACACS-GUI local
    aaa authentication login ssh group TACACS-GUI local



    From the TACACS GUI log, PAP authentication has been successful, but access to the switch is still denied, as follows:

    Did I miss something?
    Thank you very much for the help. 








    Luthfi Naufal Gibrani

  • 2.  RE: ARUBA CX Simulator Tacacs Integration doesn't Work

    Posted Nov 03, 2021 01:50 AM
    I've also just had the same experience trying to run this from EVE into ClearPass.

    Scott Doorey

  • 3.  RE: ARUBA CX Simulator Tacacs Integration doesn't Work

    Posted Nov 04, 2021 03:24 AM
    tacacs-server host clearpass.selectium.local key plaintext pasword auth-type pap vrf mgmt
    aaa group server tacacs Clearpass-Tacacs
    server clearpass.selectium.local vrf mgmt
    aaa authentication login default group Clearpass-Tacacs local
    aaa authorization commands default group Clearpass-Tacacs
    aaa accounting all-mgmt default start-stop group Clearpass-Tacacs

    On the ClearPass side, the enforcement profile looks like this. Instead of priv-lvl you can also use roles. This would be even better, but for my case, priv-lvl is enough.

    ArubaOS-CX TACACS Management RW Access
    TACACS+ Management RW access for ArubaCX switches
    Device Group List:
    1. ArubaOS-CX switches
    Privilege Level:
    Selected Services:
    1. Shell
    2. Aruba:Common
    Authorize Attribute Status:
    Custom Services:
    Service Attributes
      Type Name = Value
    1. Shell priv-lvl = 15
    Service Type:
    Unmatched Commands:
      Command Arguments Permit Action Unmatched Arguments

    Best, Gorazd

    Gorazd Kikelj
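
A consistency check for the kind of configuration posted in the reply above, as an added example (not code from any poster or from Aruba): it verifies that every `server` entry in a TACACS+ group matches a defined `tacacs-server host` in the same VRF and that every `aaa` method list names a defined group. It assumes the line syntax shown in the thread, that a line without `vrf` applies to the VRF named `default`, and that `local`, `tacacs`, `radius` and `none` are built-in method names; `lint_aaa`, `vrf_of` and the `BROKEN` sample are hypothetical names and data constructed for illustration.

```python
BUILTIN = {"local", "tacacs", "radius", "none"}  # assumed built-in method names

def vrf_of(tok):
    # Assumption: a line without "vrf <name>" applies to the VRF named "default".
    return tok[tok.index("vrf") + 1] if "vrf" in tok[:-1] else "default"

def lint_aaa(config):
    """Return a list of findings; an empty list means the references line up."""
    hosts, groups, used, findings, current = set(), {}, [], [], None
    for raw in config.splitlines():
        tok, line = raw.split(), raw.strip()
        if not tok:
            continue
        if tok[0] == "server" and current is not None:  # member of the open group
            if len(tok) < 2 or tok[1] == "vrf":
                findings.append(f"group {current}: server line has no address: {line}")
            else:
                groups[current].append((tok[1], vrf_of(tok)))
            continue
        current = None
        if tok[:2] == ["tacacs-server", "host"]:
            if len(tok) < 3 or tok[2] in ("vrf", "key", "auth-type"):
                findings.append(f"host line has no address: {line}")
            else:
                hosts.add((tok[2], vrf_of(tok)))
        elif tok[:4] == ["aaa", "group", "server", "tacacs"] and len(tok) == 5:
            current = tok[4]
            groups[current] = []
        elif tok[0] == "aaa" and "group" in tok[2:]:  # authentication, authorization, accounting
            names = tok[tok.index("group", 2) + 1:]
            used += [(n, line) for n in names if n not in BUILTIN]
    for name, members in groups.items():
        for host, vrf in members:
            if (host, vrf) not in hosts:
                findings.append(f"group {name}: {host} vrf {vrf} is not a defined tacacs-server host")
    for name, line in used:
        if name not in groups:
            findings.append(f"undefined group {name} in: {line}")
    return findings

# The reply's configuration as posted, then a constructed variant with two mismatches.
REPLY = """tacacs-server host clearpass.selectium.local key plaintext pasword auth-type pap vrf mgmt
aaa group server tacacs Clearpass-Tacacs
server clearpass.selectium.local vrf mgmt
aaa authentication login default group Clearpass-Tacacs local
aaa authorization commands default group Clearpass-Tacacs
aaa accounting all-mgmt default start-stop group Clearpass-Tacacs"""
BROKEN = """tacacs-server host 192.0.2.10 key plaintext example vrf mgmt
aaa group server tacacs LAB-TACACS
    server 192.0.2.10 vrf default
aaa authentication login default group LAB-TACAC local"""
```

`lint_aaa(REPLY)` returns an empty list; `lint_aaa(BROKEN)` reports the VRF mismatch between the host definition and the group member, and the misspelled group name in the login method list.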