I am trying to setup TACACS on Silver Peak appliances but it doesn't look like it's working properly. I keep getting the following authorizatin error (see attached screenshot). I have created and imported the below dictionary file. Silverpeak has a detailed documentation on how to setup TACACS on Cisco ACS but none for Clearpass. Has anyone done this on Clearpass?
Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip?
That did not work, still trying to get a dictionary going
I take it back, it did work. Partially. I can assign the correct role, admin or monitor, however, if no role is assigned(you login with a user who should be denied, it works). Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only.
Here is the TACACS Dictionary:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0"><TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/><TacacsServiceDictionaries><TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip"><ServiceAttribute dataType="String" dispName="role" name="role"/></TacacsServiceDictionary></TacacsServiceDictionaries></TipsContents>
In your enforcement policy the role is either 'admin' or 'monitor'
Thank You!!! For posting the SilverPeak enforcement profile Dictionary. This post solved my issue. The only thing I am doing differently is using Privilege Level 7 in my Services tab and I set the role to "admin".
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.