Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

This thread has been viewed 13 times
  • 1.  RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

    Posted 15 days ago

    Hello everyone,

    I have a concern regarding the 8325 aruba switch since I want to integrate a tacacs to make a centralize user management with CPPM. the tacacs perfectly works on 6300M access switches where user from cppm local db are able to authenticate using there credentials if they are authorized to access the devices. for aruba 8325 switch I need to configure a tacacs server but before I perfrom the aaa authorization login ssh tacacs local I need first to verify the radius server connectivity from 8325 switch to cppm but here is what I've encountered.

    Troubleshooting:

    Did you try to ping the cppm management IP from aruba 8325 switch ? yes, I was able to ping the cppm management IP

    What AOS-CX version you have in 8325 switch ?

    Please show if the radius and tacacs tracking are enable in 8325 switch ?

    Please show the radius server detail to verify the connectivity ?

    Please show tacacs server detail to verify the connectivity



  • 2.  RE: RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

    Posted 15 days ago

    BTW this is a vsx setup but as of now I cant able to access the core 2 since I already configured the tacacs as default authentication without verifying the radius and tacacs connectivity . I already learned from my mistake soo before I perform the tacacs auth command I need to verify it first so I can check if there is a misconfiguration or tacacs server is not really accessible .




  • 3.  RE: RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

    EMPLOYEE
    Posted 13 days ago

    Should your TACACS server be reached through the default VRF? Or through the mgmt port/VRF?

    Using ping may not give you a reliable way of testing connectivity as TACACS is TCP traffic, which if it traverses a security device like a firewall requires symmetric routing, pin in many cases is fine with asymmetric routing.

    Did you configure a NAD/Networking Device with TACACS enabled in ClearPass for your 8325?

    You may run some packet capture on the switch or ClearPass to verify that traffic is sent out and reaching ClearPass.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

    MVP GURU
    Posted 15 days ago
    Not an expert about TACAS on AOS-CX but your Aruba 8325 AOS 10.05 is, as of today, running on unsupported AOS-CX 10.05 (2020!). If I were you I will "rinse and repeat" your test only after upgrading it to supported (current) AOS-CX software LSR/SSR lines using their latest available builds (I would probably go with 10.13 LSR or with 10.14 SSR...).





  • 5.  RE: RADIUS AND TACACS SERVER UNREACHABLE 8325 ARUBA SWITCH

    Posted 15 days ago

    Hi,

    That was im thinking also to do a firmware upgrade since 10.5 is a bit old firmware . I'll try to upgrade it first then I'll get back if I face some issues

    Thanks