Wired Intelligent Edge

  • 1.  AOS CX: TACACS tracking functionality?

    Posted Oct 15, 2024 09:09 AM

    I have been testing TACACS tracking functionality in AOS CX switches (virtual CX running 10.14.1000 and 6000 (10.13.1010) so far). ClearPass is our TACACS server. I think there's some anomaly in the behaviour: as long as the ClearPass TACACS+ server process is up and running, the tracking functionality of the CX switch classifies the server as "reachable". It classifies the server as reachable even if a) there's no applicable TACACS+ Service available in ClearPass b) NAD IP (or shared secret) is missing in ClearPass configuration.

    This makes me wonder whether this is a bug in behaviour. I would think that the NAD needs to fetch more information than just establishing a TCP connection with ClearPass: I took a Wireshark capture (attached) and indeed it shows a TCP connection being established between the NAD and ClearPass, and the NAD is not configured as a TACACS client.

    How about you? Are you using TACACS tracking, and if yes, what is your experience with the functionality in CX switches?



    ------------------------------
    gone fishing.
    ------------------------------


  • 2.  RE: AOS CX: TACACS tracking functionality?

    Posted Oct 16, 2024 05:56 AM

    Please open a support case for this. I'm not sure what tracking is supposed to check, but to be useful, if the TACACS server accepts the TCP session then immediately disconnects, it's clear that it's not willing to serve.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: AOS CX: TACACS tracking functionality?

    Posted Oct 18, 2024 06:05 AM

    Thank you, Herman. TAC is created and now waiting for next level engineer to step in.



    ------------------------------
    gone fishing.
    ------------------------------
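
The distinction raised in this thread, a TCP handshake succeeding versus the server actually answering at the TACACS+ layer, can be checked independently with a small probe. This is an added example, not part of the original posts and not a description of how AOS-CX tracking works; the function names, the `probe` user/port strings and the three result labels are assumptions, and the packet layout follows RFC 8907.

```python
import hashlib, os, socket, struct

VERSION, AUTHEN = 0xC0, 0x01   # RFC 8907: major version 0xC, packet type authentication
HDR = "!BBBBII"                # version, type, seq_no, flags, session_id, length

def obfuscate(body, session_id, key, seq_no):
    """XOR the body with the RFC 8907 MD5 pseudo-pad (the same call reverses it)."""
    seed = struct.pack("!I", session_id) + key + bytes([VERSION, seq_no])
    pad = block = b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(key, user=b"probe", port=b"probe"):
    """Authentication START: action=LOGIN, priv_lvl=1, type=ASCII, service=LOGIN."""
    session_id = int.from_bytes(os.urandom(4), "big")
    body = bytes([1, 1, 1, 1, len(user), len(port), 0, 0]) + user + port
    header = struct.pack(HDR, VERSION, AUTHEN, 1, 0, session_id, len(body))
    return session_id, header + obfuscate(body, session_id, key, 1)

def probe(host, port, key, timeout=3.0):
    """Classify a server as 'unreachable', 'tcp-only' or 'tacacs-reply'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"            # no listener, filtered, or timed out
    session_id, packet = build_authen_start(key)
    reply = b""
    with sock:
        try:
            sock.sendall(packet)
            while len(reply) < 12:
                chunk = sock.recv(12 - len(reply))
                if not chunk:           # server closed without answering
                    break
                reply += chunk
        except OSError:                 # reset or read timeout
            return "tcp-only"
    if len(reply) < 12:
        return "tcp-only"
    ver, ptype, seq, _flags, sid, _len = struct.unpack(HDR, reply)
    ok = ver >> 4 == 0xC and ptype == AUTHEN and seq == 2 and sid == session_id
    return "tacacs-reply" if ok else "tcp-only"

if __name__ == "__main__":
    # 192.0.2.10 and the key are placeholders (documentation address range)
    print(probe("192.0.2.10", 49, b"shared-secret"))
```

A `tacacs-reply` result only shows that the server answered the session with a well-formed TACACS+ header; the reply body is not decoded, so it does not validate the shared secret.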