Security

last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Changing tacacs+ password

This thread has been viewed 10 times
  • 1.  Changing tacacs+ password

    Posted 16 days ago
    There doesn;t seem to be much docn ( i.e. examples)  on using the  changing TACACS+ password on next login option in a CPPM Local User  account.

    I have a 2930 switch running  fairly new firmware

    as part of the confgi I have aaa authentication login privilege-mode set up so  when i log in I don;t have to type  enable<cr> enter username/password 

    I can quite happily set the cppm checkbox and log into t e switch. at no point an i prompted to enter another password  burt looking in the cppm local user  table, the change tacacs password  checkbox has been cleared.


    Tried removing the  login privilege-mode statement so I had to type enable .... no differnce .
    Anyone using this in conjunction with  arubsa 2930 switrches

    Cppm is 6.9.5 BTW

    Rgds
    Alex

    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: Changing tacacs+ password

    Posted 15 days ago
    Hi Alex,

    Maybe my TACACS template will help you.

    tacacs-server host 1.2.3.4 key "mysecret"
    tacacs-server host 1.2.3.5 key "mysecret"
    tacacs-server timeout 5
    aaa authentication login privilege-mode
    
    ###SSH###
    aaa authentication ssh login tacacs local
    aaa authentication ssh enable tacacs local
    
    ###TELNET###
    aaa authentication telnet login tacacs local
    aaa authentication telnet enable tacacs local
    
    ###CONSOLE###
    aaa authentication console login tacacs local
    aaa authentication console enable tacacs local
    
    aaa authorization commands auto
    
    no web-management management-url
    no telnet-server
    ​


    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | ACDA | Ekahau ECSE | Not an HPE Employee | Opionions are my own
    ------------------------------



  • 3.  RE: Changing tacacs+ password

    Posted 9 days ago
    If I remember correctly, the ArubaOS Switch does not support password changes over TACACS+. You can ask your Aruba Partner or Aruba SE to add your request for this feature which is already registered as SWITCH-I-509.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 4.  RE: Changing tacacs+ password

    Posted 9 days ago
    Ah!

    ok. Many thanks

    Rgds
    Alex