Security

last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM TACACS+ for Autnenticating Silver Peak Admins

  • 1.  CPPM TACACS+ for Autnenticating Silver Peak Admins

    Posted Jun 19, 2017 05:57 PM

    Hello all,

     

    I am trying to setup TACACS on Silver Peak appliances but it doesn't look like it's working properly. I keep getting the following authorizatin error (see attached screenshot). I have created and imported the below dictionary file. Silverpeak has a detailed documentation on how to setup TACACS on Cisco ACS but none for Clearpass. Has anyone done this on Clearpass?

     

    https://www.silver-peak.com/sites/default/files/userdocs/cisco_acs_5-5_tacacs-for-gms_reva_march2016.pdf

    Capture11.PNG

    Capture11.PNG

    Capture111.PNG



  • 2.  RE: CPPM TACACS+ for Autnenticating Silver Peak Admins

    Posted Jun 28, 2017 06:53 PM
    Please post the dictionary you're attempting to use.


  • 3.  RE: CPPM TACACS+ for Autnenticating Silver Peak Admins

    Posted Nov 21, 2017 10:49 AM

    Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip? 

     

    That did not work, still trying to get a dictionary going

     

    I take it back, it did work. Partially. I can assign the correct role, admin or monitor, however, if no role is assigned(you login with a user who should be denied, it works).  Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only. 

     

    Here is the TACACS Dictionary: 

     

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
    <TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
    <TacacsServiceDictionaries>
    <TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
    <ServiceAttribute dataType="String" dispName="role" name="role"/>
    </TacacsServiceDictionary>
    </TacacsServiceDictionaries>
    </TipsContents>

     

    In your enforcement policy the role is either 'admin' or 'monitor'

     

    _ELiasz

     



  • 4.  RE: CPPM TACACS+ for Autnenticating Silver Peak Admins

    Posted Sep 11, 2020 08:57 AM
      |   view attached

    Thank You!!! For posting the SilverPeak enforcement profile Dictionary.  This post solved my issue.  The only thing I am doing differently is using Privilege Level 7 in my Services tab and I set the role to "admin".