Integrating AirWave into ClearPass using TACACS+
Can AirWave be integrated with CPPM for management authentication of AirWave?
Yes, it can.
The steps below show how.
1. Create the XML file that will be used to import the TACACS+ dictionary for the AMP:https service.
Save the following text into a file, e.g. TacacsServiceDictionaryAMP.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsHeader exportTime="Mon Feb 25 11:04:56 MST 2013" version="6.0"/>
<TacacsServiceDictionaries>
  <TacacsServiceDictionary dispName="AMP:https" name="AMP:https">
    <ServiceAttribute dataType="String" dispName="role" name="role"/>
  </TacacsServiceDictionary>
</TacacsServiceDictionaries>
2. Import the XML file in Admin-TACACS dictionary.
3. Set up a TACACS profile to use the new role attribute.
The role value has to match the role in AirWave.
You can create multiple roles in AirWave for different levels of access and map each one to an enforcement profile in CPPM.
4. Set up TACACS in AirWave.
5. Add AirWave to the Network Devices in CPPM and make sure the shared secrets match.
6. Set up a TACACS policy so that the appropriate users are allowed to log in to AirWave.
7. Set up a TACACS service to handle AirWave requests.
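The checks implied by steps 1 to 3, as an added example that is not part of the original article or of either product: it confirms that a dictionary file defines the AMP:https service with a String role attribute, and flags enforcement-profile role values that do not exactly match an AirWave role name. The profile names, role names and the exact-match rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the dictionary elements from step 1 under a single root.
SAMPLE_DICTIONARY = """
<TacacsServiceDictionaries>
  <TacacsServiceDictionary dispName="AMP:https" name="AMP:https">
    <ServiceAttribute dataType="String" dispName="role" name="role"/>
  </TacacsServiceDictionary>
</TacacsServiceDictionaries>
"""

# Constructed sample values (hypothetical AirWave roles and CPPM profile names).
AIRWAVE_ROLES = {"Admin", "Read-Only Monitoring"}
PROFILE_ROLES = {
    "AMP-Admin-Profile": "Admin",
    "AMP-ReadOnly-Profile": "read-only monitoring",
    "AMP-Helpdesk-Profile": "Helpdesk",
}

def _local(tag):
    """Drop an XML namespace prefix such as '{uri}Name' if one is present."""
    return tag.rsplit("}", 1)[-1]

def dictionary_attributes(xml_text, service="AMP:https"):
    """Return {attribute name: dataType} for the service, or None if absent."""
    root = ET.fromstring(xml_text.strip())
    for el in root.iter():
        if _local(el.tag) == "TacacsServiceDictionary" and el.get("name") == service:
            return {a.get("name"): a.get("dataType")
                    for a in el if _local(a.tag) == "ServiceAttribute"}
    return None

def check_role_mapping(profile_roles, airwave_roles):
    """Return {profile: problem} for role values with no exact AirWave match."""
    folded = {r.strip().casefold(): r for r in airwave_roles}
    problems = {}
    for profile, value in profile_roles.items():
        if value in airwave_roles:
            continue  # exact match (assumed rule): nothing to report
        near = folded.get(value.strip().casefold())
        problems[profile] = (f"'{value}' is not an exact match for '{near}'" if near
                             else f"no AirWave role named '{value}'")
    return problems

if __name__ == "__main__":
    print("AMP:https attributes:", dictionary_attributes(SAMPLE_DICTIONARY))
    for profile, problem in check_role_mapping(PROFILE_ROLES, AIRWAVE_ROLES).items():
        print(f"{profile}: {problem}")
```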
BASIC Troubleshooting steps
- Check Monitoring > Access Tracker on CPPM to confirm that the AirWave server is sending a request. If no request appears, make sure that the Data port (not the Management port) is reachable: when both ports are active, CPPM listens for RADIUS requests on the Data port only. If you are using only the Management port, CPPM listens for requests on the Management port.
- Once the request appears in Access Tracker, double-click it, check the attributes returned, and verify that they match what is needed.
Note: Steps 1 and 2 can be skipped if running CPPM 6.4 and above as the dictionary is already included by default.