TACACS Dictionary for Blue Planet ROA

MVP
MVP
Requirement:

ClearPass TACACS+ configuration for Blue Planet ROA (Route Optimization and Analysis) devices.



Solution:

To configure TACACS+ enforcement profile on ClearPass, we need to add the TACACS Dictionary for Blue Planet ROA devices.



Configuration:

Below are the sample TACACS configuration done on the Blue Planet ROA:

key = SomethingSecret

user = admin {

pap = cleartext mypassword

service = ppp protocol = rex-admin

{ rex-user = rex-admin }

}

user = op {

pap = des sOzm4t1mClWDg

service = ppp protocol = rex-op

{ rex-user=rex-op }

service = ppp protocol = rex-ftp

{ rex-user=rex-admin rex-ftp = enabled }

}

user = cliuser {

pap = des 6bjKZUV4xsNRQ

service = ppp protocol = rex-cli

{ rex-user = rex-cli }

}


 

Based on the above configuration, we need to create a new TACACS dictionary from ClearPass to send the correct role. ClearPass needs to send the rex-user value in the TACACS response to assign the user in the admin role.

Below is the sample XML file created to import TACACS Dictionary on ClearPass based on the ROA device:

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">

  <TipsHeader exportTime="Thu Jan 23 07:37:03 IST 2020" version="6.7"/>

  <TacacsServiceDictionaries>

    <TacacsServiceDictionary dispName="PPP:rex-admin" name="ppp:rex-admin">

      <ServiceAttribute dataType="String" dispName="rex-user" name="rex-user"/>

    </TacacsServiceDictionary>

  </TacacsServiceDictionaries>

</TipsContents>

 

Save this file as .xml format to import it on ClearPass.

Navigate to Administration > Dictionaries > TACACS+ Services and then import the xml file.

Use the above TACACS+ dictionary attribute in the TACACS+ enforcement profile:

Navigate to Configuration > Enforcement > Profiles > Add > Template: TACACS+ Based Enforcement



Verification

Try management authentication from Blue Planet ROA device and make sure that the ClearPass sending the correct role in the TACACS+ response.

 

Attachment:

TACACS Dictionary file attached (BluePlanetTACACS.xml). Import this .xml file under Administration > Dictionaries > TACACS+ Services > Import.

 

 


Attachments:
BluePlanetTACACS.xml
Version history
Revision #:
2 of 2
Last update:
‎04-15-2020 10:18 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: