I was wondering if you could advise me on how to set up a TACACS service on ClearPass.
The TACACS service would be used to authenticate users who want to log into switches with their AD account. The switches are Alcatel switches.
When I go to set up the service for TACACS, I select “TACACS+ Enforcement”. I am not sure how to set up the service rule/conditions that deal with authentication requests coming from a device, but have come up with the following:
Would this service rule work:
Value= This would be a static host list that has been created
I will then also enable “Authorization”
The static host list would be created based on subnet.
The authentication would then be AD
The authorization would then be AD
The roles would then be if “Authorization:AD:member of contains Technical”
I am not sure what would be used for enforcement as when I go to create this I get the following. Please see attached picture.
What do I set for privilege level?
What do I set for selected services?
What do I set for authorize attribute service?
What do I set for service attributes?
What do I then set up for Enforcement policies?
I hope the above makes sense and you guys can advise me further.
Hope this helps,
And another example for ArubaOS switch in this video:
The Alcatel switch manual is here. It doesn't mention special requirements, so returning privilege level 15 and service Shell would be my first try. Then, under commands, 'Permit unmatched commands'. That is pretty basic. Some switches require more specific information; in the video, for example, we had to add priv-lvl=15 as a Service attribute to skip the enable prompt, but that is specific to ArubaOS switches.
Hope this helps you in the right direction.
Thank you for the suggestion.
I have tried this and it has worked straight away.
For anyone else having issues with WLC login, be sure you have TACACS servers defined for Authentication, Accounting and Authorization. I was lacking authorization and it just kept bouncing back to login.
© Copyright 2020 Hewlett Packard Enterprise Development LP. All Rights Reserved.