This community is currently in a read-only state due to a maintenance window. For more info click here
Occasional Contributor I

CPPM TACACS+ for Autnenticating Silver Peak Admins

Hello all,


I am trying to setup TACACS on Silver Peak appliances but it doesn't look like it's working properly. I keep getting the following authorizatin error (see attached screenshot). I have created and imported the below dictionary file. Silverpeak has a detailed documentation on how to setup TACACS on Cisco ACS but none for Clearpass. Has anyone done this on Clearpass?





Re: CPPM TACACS+ for Autnenticating Silver Peak Admins

Please post the dictionary you're attempting to use.

If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | |

All-Decade MVP 2020

Re: CPPM TACACS+ for Autnenticating Silver Peak Admins

Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip? 


That did not work, still trying to get a dictionary going


I take it back, it did work. Partially. I can assign the correct role, admin or monitor, however, if no role is assigned(you login with a user who should be denied, it works).  Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only. 


Here is the TACACS Dictionary: 


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="">
<TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
<TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
<ServiceAttribute dataType="String" dispName="role" name="role"/>


In your enforcement policy the role is either 'admin' or 'monitor'




New Contributor

Re: CPPM TACACS+ for Autnenticating Silver Peak Admins

Thank You!!! For posting the SilverPeak enforcement profile Dictionary.  This post solved my issue.  The only thing I am doing differently is using Privilege Level 7 in my Services tab and I set the role to "admin".

Search Airheads
Showing results for 
Search instead for 
Did you mean: