But the error message clearly indicates that ClearPass can't apply any of the enforcement profiles in the enforcement policy.
Create a new TACACS enforcment from scratch with the basic settings and see how this works.
Can you share the configuration of the enforcement policy, the enforcement profile and also the output from the Summary tab in Access Tracker?
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Aug 30, 2024 02:54 AM
From: afedeli
Subject: Clearpass and Alliet Telesis switches TACACS+
Hi jonas and thank you,
there is no device group list configuration on th enforcement profile.
I copied this profile from one that is working for cisco switches.
I was thinking about some missing attribute in the access-accecpt that lets the switch fail the authorization for the session. That's why I am looking for someone who already had experience with Allied Telesis Products.
Thank you and kind regards
Ale
Original Message:
Sent: Aug 29, 2024 05:58 AM
From: jonas.hammarback
Subject: Clearpass and Alliet Telesis switches TACACS+
Hi
I don't have experience of Allied Telesis switches, but you problem is related to the configuration in ClearPass.
In most cases when I have seen this the enforcement profile have been limited to a specific Network Device Group.
Make sure that the switch is included in any Device groups specified or remove the Device Group condition if it can be done without interference in other rules.
Maybe a copy of the current profile can be good to test with.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Aug 29, 2024 05:38 AM
From: afedeli
Subject: Clearpass and Alliet Telesis switches TACACS+
Hello Airheads,
I was wondering if anyone had experience in configuring TACACS+ Service for Allied Telesis switches.
I configured the enforcement profile with priv-lvl=15 but i get the following error in the access-tracker
Maybe some attribute is missing in the returned enforcement.
I hope somebody can help.
Many thanks
Ale