tacacs-server host clearpass.selectium.local key plaintext pasword auth-type pap vrf mgmt
aaa group server tacacs Clearpass-Tacacs
server clearpass.selectium.local vrf mgmt
aaa authentication login default group Clearpass-Tacacs local
aaa authorization commands default group Clearpass-Tacacs
aaa accounting all-mgmt default start-stop group Clearpass-Tacacs
On the ClearPass side, the enforcement profile looks like this. Instead of priv-lvl you can also use roles. This would be even better, but for my case, priv-lvl is enough.
Profile:
Name: ArubaOS-CX TACACS Management RW Access
Description: TACACS+ Management RW access for ArubaCX switches
Type:
Action:
Device Group List: 1. ArubaOS-CX switches
Services:
Privilege Level:
Selected Services: 1. Shell 2. Aruba:Common
Authorize Attribute Status:
Custom Services:
Service Attributes
Commands:
Service Type:
Unmatched Commands:
Best, Gorazd
Gorazd Kikelj
Original Message:
Sent: Oct 09, 2021 03:08 AM
From: Luthfi Naufal Gibrani
Subject: ARUBA CX SImulator Tacacs Integration doesn't Work
Dear All,
I did some tests for future projects using GNS3 lab, here is the detail for the environment:
1. GNS3 as Image orchestrator running on Virtual Box
2. Aruba CX OVA simulator running on Virtual Box
3. Tacacs GUI for TACACS+ Server running on Virtual Box
4. Webterm as end device that will test SSH to Devices
The topology is like this:
The following is the command that I run on the ARUBA CX SWITCH.
ssh server vrf default
tacacs-server key plaintext tacacs1234
tacacs-server host vrf default
aaa group server tacacs TACACS-GUI
server vrf default
aaa authentication login default group TACACS-GUI local
aaa authentication login ssh group TACACS-GUI local
From the TACACS GUI LOG, PAP Authentication has been successful but access to the switch is still denied, as follows:
Did I miss something?
Thank you very much for the help.
Luthfi Naufal Gibrani
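A consistency check for switch-side TACACS+/AAA snippets in the command forms shown in this thread, added here as an example; it is not code from either poster or from Aruba. It flags a shared key typed in clear text, a group member whose host/VRF pair has no matching tacacs-server host line, and an aaa line that references an undefined group. Assumptions: the sample hostname and key are constructed, a line without a vrf keyword is taken to use the VRF named default, and local, tacacs and radius are treated as predefined group names.

```python
import re

# Constructed sample: same command forms as in the thread, with two deliberate
# mistakes (group member VRF differs from the host's; one group is never defined).
SAMPLE = """\
tacacs-server host clearpass.example.local key plaintext EXAMPLE-KEY auth-type pap vrf mgmt
aaa group server tacacs Clearpass-Tacacs
server clearpass.example.local vrf default
aaa authentication login default group Clearpass-Tacacs local
aaa authorization commands default group Missing-Group
"""

HOST = re.compile(r"^tacacs-server host (\S+)(.*)$")
GROUP = re.compile(r"^aaa group server tacacs (\S+)$")
MEMBER = re.compile(r"^server (\S+)(.*)$")
AAA = re.compile(r"^aaa (?:authentication|authorization|accounting) (.+)$")
BUILTIN = {"local", "tacacs", "radius"}  # assumption: predefined group names

def vrf_of(rest):
    # Assumption: a line without "vrf NAME" uses the VRF named "default".
    m = re.search(r"\bvrf (\S+)", rest)
    return m.group(1) if m else "default"

def audit(config):
    """Return (code, detail) findings for a TACACS+/AAA config snippet."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    hosts, groups, refs, findings, current = set(), {}, [], [], None
    for line in lines:
        if line.startswith("tacacs-server ") and " key plaintext " in line:
            findings.append(("cleartext-key", line.split(" key ")[0]))
        if m := HOST.match(line):
            hosts.add((m.group(1), vrf_of(m.group(2))))
            current = None
        elif m := GROUP.match(line):
            current = m.group(1)
            groups[current] = []
        elif current and (m := MEMBER.match(line)):
            groups[current].append((m.group(1), vrf_of(m.group(2))))
        else:
            current = None
            if (m := AAA.match(line)) and "group" in (t := m.group(1).split()):
                refs += t[t.index("group") + 1:]  # every name listed after "group"
    for name, members in groups.items():
        for host, vrf in members:
            if (host, vrf) not in hosts:
                findings.append(("server-not-declared", f"{name}: {host} vrf {vrf}"))
    for ref in refs:
        if ref not in groups and ref not in BUILTIN:
            findings.append(("group-not-defined", ref))
    return findings
```
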