last person joined: 13 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Aruba Switch login using duo and tacacs

  • 1.  Aruba Switch login using duo and tacacs

    Posted Sep 16, 2020 07:20 AM

    I'm trying to log in to a 2930F switch running WC.10.16.10 fiimware using a DUO proxy server and cppm 6.8.6


    What I've done is

    1). Create a cppm TACACS service ( TACACS Service .png)

    2). Create an enforcement  policy that sends back a priv level (priv level.png)

    3). configure switch


    tacacs-server host key "myKey"
    tacacs-server host key "myKey"
    tacacs-server timeout 30

    aaa authentication login privilege-mode
    aaa authentication telnet login tacacs
    aaa authentication telnet enable tacacs


    so I  can ssh to it via RADIUS (normal way) and telnet to it via TACACS


    4). Create a DUO service that does the PAP based user auth


    So from my test CLI I can do

    telnet  <ip address>

    enter username/password  stuff


    I can see duo authenticating the  password successfully and then  the "final" accept that goes back to the switch fails (duo sequence).

    Looking at the Alert (session alerts)  I've tried changing the priv level to 0 and 1 but doesn't seem to make any difference to the error message I get back.


    So which part of the confgi is wrong ? The basic  sequence is correct, j