Security

last person joined: 13 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Aruba Switch login using duo and tacacs

  • 1.  Aruba Switch login using duo and tacacs

    Posted Sep 16, 2020 07:20 AM

    I'm trying to log in to a 2930F switch running WC.10.16.10 fiimware using a DUO proxy server and cppm 6.8.6

     

    What I've done is

    1). Create a cppm TACACS service ( TACACS Service .png)

    2). Create an enforcement  policy that sends back a priv level (priv level.png)

    3). configure switch

     

    tacacs-server host 144.32.230.6 key "myKey"
    tacacs-server host 144.32.128.85 key "myKey"
    tacacs-server timeout 30

    aaa authentication login privilege-mode
    aaa authentication telnet login tacacs
    aaa authentication telnet enable tacacs

     

    so I  can ssh to it via RADIUS (normal way) and telnet to it via TACACS

     

    4). Create a DUO service that does the PAP based user auth

     

    So from my test CLI I can do

    telnet  <ip address>

    enter username/password  stuff

     

    I can see duo authenticating the  password successfully and then  the "final" accept that goes back to the switch fails (duo sequence).

    Looking at the Alert (session alerts)  I've tried changing the priv level to 0 and 1 but doesn't seem to make any difference to the error message I get back.

     

    So which part of the confgi is wrong ? The basic  sequence is correct, j