Controllerless Networks

Reply
Highlighted
Occasional Contributor II

Instant TACACS+ management roles possible?

Dear all,

 

I try to configure the TACACS+ authentication for Instant controllers.

Basically it works, but is there a way how I can use different access roles for the users?
I need normally an admin role and something like a "monitor" for read only.

 

Is that possible? Or if it is not with TACACS+, is it possible with RADIUS?

 

Thanks a lot!

 

Sven

Regular Contributor II

Re: Instant TACACS+ management roles possible?

Are you using clearpass as a tacacs server ?

Valued Contributor II

Re: Instant TACACS+ management roles possible?

 
Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Valued Contributor II

Re: Instant TACACS+ management roles possible?

Hi friend,

 

It is absolutely possible :)

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: Instant TACACS+ management roles possible?

 

@SumaN wrote:

Are you using clearpass as a tacacs server ?


No, we are using the Cisco ACS 4.x and in future 5.x.

 

Can you describe how I have to configure that? Is there something I have to add in the instant controller or on the TACACS+ server?

Trusted Contributor I

Re: Instant TACACS+ management roles possible?

this seems to indicate it is not possible to assign different roles

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-authenticate-IAP-admin-user-against-CPPM-over-TACACS/ta-p/192931

 

you might experiment with level 0 or 1 and see what that does.

Occasional Contributor II

Re: Instant TACACS+ management roles possible?

Thank you very much for the link.

 

So it seems that this is not working.

Is it possible to assign different roles with RADIUS?

Guru Elite

Re: Instant TACACS+ management roles possible?

Management roles for TACACS+ and RADIUS will be added in Instant 4.2 which will be released in the coming weeks.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: