Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

AAA authentication of CISCO NCS prime with Clearpass servers

  • 1.  AAA authentication of CISCO NCS prime with Clearpass servers

    Posted Dec 10, 2013 03:16 AM

    Hello guys,

    I'm trying to configure AAA in Cisco NCS Prime, which authenticates the AD user for its login.

    I have already configured ClearPass as a TACACS server in Prime NCS with a shared secret, added Prime NCS as a network access device in ClearPass, and created a TACACS service in ClearPass which authenticates against AD.

    Now my question is: what should be the enforcement profile pushed from ClearPass? We have many groups in NCS Prime, and each group has its own permissions and features.

    I tried to add all the task lists in the ClearPass enforcement profile, as in the attached pic, but I can't access the features in Prime which are included in ClearPass!!! :(

    Instead of sending 100s of task lists per profile, is there a way to send the group name from ClearPass to NCS Prime?

    Thanks,

    Bharani..



  • 2.  RE: AAA authentication of CISCO NCS prime with Clearpass servers

    EMPLOYEE
    Posted Dec 10, 2013 09:45 AM

    We added a library for NCS in 6.2.3. If you need it in your version, please see the attached file. Go to Administration --> Dictionaries --> TACACS and at the top right, import this file (no password).



  • 3.  RE: AAA authentication of CISCO NCS prime with Clearpass servers

    EMPLOYEE
    Posted Dec 10, 2013 09:46 AM

    Here's the file! I forgot it. Unzip it first... then import.

    Attachment: NCS_Dictionary.xml.zip (1 KB)


  • 4.  RE: AAA authentication of CISCO NCS prime with Clearpass servers

    Posted Dec 10, 2013 11:12 AM

    Hello Seth,

    Thanks for your reply. I have already edited this XML file as per our NCS Prime's attribute task list (around 170 task lists are present in a group in NCS Prime).

    But what I can see is that I need to manually type in all the task lists in the ClearPass profile, right?

    Instead of doing this, is there a way to send just a group name from ClearPass to NCS Prime? (Because that group in Prime will have all the task lists configured in it.)

    Regards,

    Bharani..



  • 5.  RE: AAA authentication of CISCO NCS prime with Clearpass servers

    EMPLOYEE
    Posted Dec 11, 2013 10:31 AM

    I believe you can edit this dictionary and place those roles into the categories. Not an expert with Prime. I believe that's how ACS does it.