Security

 View Only
last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Mobility Controller not sending TACACs logins to ClearPass

This thread has been viewed 6 times

  • 1.  Mobility Controller not sending TACACs logins to ClearPass

    Posted Aug 04, 2019 09:49 PM

    Hi all,

     

    I am trying to setup TACACs authentication against ClearPass on a Mobility Controller running version 6.5.4.6.

     

    I might be missing something, but it seems the Controller is only attempting to authenticate users locally. I've confirmed this by doing a 'show log security' and there is no evidence that the Controller is passing Authentication Reqests to ClearPass.

     

    My configuration for AAA is below:

    ip tacacs source-interface vlan 10
!
aaa tacacs-accounting server-group ClearPass-TACACs command all mode enable
!
aaa authentication-server tacacs "aruba-cp-01-TACACS"
   host "10.0.10.11"
   key 785ee4a4bce8e3c104ff01e1b681fbdb5c028851fbe3e296
   session-authorization
   source-interface vlan 10 ip6addr ::
!
aaa server-group "ClearPass-TACACs"
 auth-server aruba-cp-01-TACACS
!
aaa authentication mgmt
   server-group "ClearPass-TACACs"
!

    Any ideas?

     

    -Brett



  • 2.  RE: Mobility Controller not sending TACACs logins to ClearPass
    Best Answer

    Posted Aug 05, 2019 05:16 PM

    Fix was simple. Hadn't enable the AAA configuration:

     

    aaa authentication mgmt
     enable