tacacs-server host clearpass.selectium.local key plaintext pasword auth-type pap vrf mgmt
!
aaa group server tacacs Clearpass-Tacacs
server clearpass.selectium.local vrf mgmt
!
!
aaa authentication login default group Clearpass-Tacacs local
aaa authorization commands default group Clearpass-Tacacs
aaa accounting all-mgmt default start-stop group Clearpass-Tacacs
On the ClearPass side, the enforcement profile looks like this. Instead of priv-lvl you can also use roles. This would be even better, but for my case, priv-lvl is enough.
Profile:
  Name: ArubaOS-CX TACACS Management RW Access
  Description: TACACS+ Management RW access for ArubaCX switches
  Type: TACACS+
  Action: Accept
  Device Group List: 1. ArubaOS-CX switches
Services:
  Privilege Level: 15
  Selected Services: 1. Shell 2. Aruba:Common
  Authorize Attribute Status: ADD
  Custom Services: -
  Service Attributes
Commands:
  Service Type: shell
  Unmatched Commands: Permit
  Commands
Best, Gorazd
------------------------------
Gorazd Kikelj
------------------------------
Original Message:
Sent: Oct 09, 2021 03:08 AM
From: Luthfi Naufal Gibrani
Subject: ARUBA CX SImulator Tacacs Integration doesn't Work
Dear All,
I did some tests for future projects using GNS3 lab, here is the detail for the environment:
1. GNS3 as Image orchestrator running on Virtual Box
2. Aruba CX OVA simulator running on Virtual Box
3. Tacacs GUI for TACACS+ Server running on Virtual Box
4. Webterm as end device that will test SSH to Devices
The topology is like this:
The following is the command that I run on the ARUBA CX SWITCH.
ssh server vrf default
tacacs-server key plaintext tacacs1234
tacacs-server host 10.1.1.100 vrf default
aaa group server tacacs TACACS-GUI
server 10.1.1.100 vrf default
aaa authentication login default group TACACS-GUI local
aaa authentication login ssh group TACACS-GUI local
From the TACACS GUI LOG, PAP Authentication has been successful but access to the switch is still denied, as follows:
Did I miss something?
Thank you very much for the help.
Sincerely, Gibs
------------------------------
Luthfi Naufal Gibrani
------------------------------
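Added example (not part of either post, and not Aruba or ClearPass code): a small Python check that cross-references the TACACS+ host, server-group and AAA method-list lines of the two switch configurations quoted in this thread and lists what each one leaves out. The function name audit_aaa, the EXAMPLE-KEY placeholder and the regular expressions are assumptions that cover only the syntax shown above; the notes describe the configuration and do not diagnose the denied login.

```python
import re

# Constructed samples: the two AOS-CX snippets from this thread, shared key replaced.
REPLY_CFG = """\
tacacs-server host clearpass.selectium.local key plaintext EXAMPLE-KEY auth-type pap vrf mgmt
aaa group server tacacs Clearpass-Tacacs
server clearpass.selectium.local vrf mgmt
aaa authentication login default group Clearpass-Tacacs local
aaa authorization commands default group Clearpass-Tacacs
aaa accounting all-mgmt default start-stop group Clearpass-Tacacs
"""
QUESTION_CFG = """\
tacacs-server key plaintext EXAMPLE-KEY
tacacs-server host 10.1.1.100 vrf default
aaa group server tacacs TACACS-GUI
server 10.1.1.100 vrf default
aaa authentication login default group TACACS-GUI local
aaa authentication login ssh group TACACS-GUI local
"""

def audit_aaa(cfg):
    """Return notes on host/group/method-list consistency (hypothetical helper)."""
    hosts, groups, uses, notes, current = set(), {}, {}, [], None
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.match(r"tacacs-server host (\S+).*?\bvrf (\S+)", line):
            hosts.add((m[1], m[2]))                      # (server, vrf) pairs
        elif m := re.match(r"aaa group server tacacs (\S+)", line):
            current = m[1]
            groups[current] = []
        elif current and (m := re.match(r"server (\S+) vrf (\S+)", line)):
            groups[current].append((m[1], m[2]))         # member of the open group
        elif m := re.match(r"aaa (authentication|authorization|accounting) (.+)", line):
            current, words = None, m[2].split()
            group = words[words.index("group") + 1] if "group" in words[:-1] else None
            uses.setdefault(m[1], []).append(group)
            if m[1] == "authentication" and words[-1] != "local":
                notes.append(f"authentication list '{m[2]}' has no local fallback")
    for name, members in groups.items():
        notes += [f"{name}: {h} vrf {v} has no matching tacacs-server host"
                  for h, v in members if (h, v) not in hosts]
    for func in ("authentication", "authorization", "accounting"):
        used = {g for g in uses.get(func, []) if g}
        notes += [f"{func}: group {g} is not defined" for g in sorted(used - set(groups))]
        if not used:
            notes.append(f"{func} is not sent to any TACACS+ group")
    return notes
```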