Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
ClearPass and Allied Telesis switches TACACS+

  • 1.  ClearPass and Allied Telesis switches TACACS+

    Posted Aug 29, 2024 05:39 AM

    Hello Airheads,

    I was wondering if anyone had experience in configuring a TACACS+ service for Allied Telesis switches.

    I configured the enforcement profile with priv-lvl=15 but I get the following error in the access-tracker

    Maybe some attribute is missing in the returned enforcement. 

    I hope somebody can help.

    Many thanks

    Ale



  • 2.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 29, 2024 05:58 AM

    Hi

    I don't have experience of Allied Telesis switches, but your problem is related to the configuration in ClearPass.

    In most cases when I have seen this, the enforcement profile has been limited to a specific Network Device Group.

    Make sure that the switch is included in any Device groups specified or remove the Device Group condition if it can be done without interference in other rules.

    Maybe a copy of the current profile can be good to test with.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 30, 2024 02:54 AM

    Hi Jonas and thank you,

    there is no device group list configuration on the enforcement profile.

    I copied this profile from one that is working for Cisco switches.

    I was thinking about some missing attribute in the access-accept that lets the switch fail the authorization for the session. That's why I am looking for someone who already had experience with Allied Telesis products.

    Thank you and kind regards

    Ale




  • 4.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 30, 2024 03:03 AM

    But the error message clearly indicates that ClearPass can't apply any of the enforcement profiles in the enforcement policy.

    Create a new TACACS enforcement from scratch with the basic settings and see how this works.

    Can you share the configuration of the enforcement policy, the enforcement profile and also the output from the Summary tab in Access Tracker?



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 30, 2024 04:51 AM

    Also check whether unmatched commands are permitted in the enforcement profile or whether an allow list exists.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 6.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 30, 2024 04:56 AM

    Hello,

    yes it is:

    Thank you

    Kind Regards




  • 7.  RE: ClearPass and Allied Telesis switches TACACS+

    Posted Aug 30, 2024 05:08 AM

    Hello,

    here you go with access tracker session details:

    Enforcement Policy Config:

    and enforcement profile:

    Thank you so much

    kind regards

    Ale