Occasional Contributor I

CPPM TACACS+ for Autnenticating Silver Peak Admins

Hello all,


I am trying to setup TACACS on Silver Peak appliances but it doesn't look like it's working properly. I keep getting the following authorizatin error (see attached screenshot). I have created and imported the below dictionary file. Silverpeak has a detailed documentation on how to setup TACACS on Cisco ACS but none for Clearpass. Has anyone done this on Clearpass?




Guru Elite

Re: CPPM TACACS+ for Autnenticating Silver Peak Admins

Please post the dictionary you're attempting to use.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor I

Re: CPPM TACACS+ for Autnenticating Silver Peak Admins

Were you able to get this going successfully? I think you need to create a new service with name silverpeak:ip? 


That did not work, still trying to get a dictionary going


I take it back, it did work. Partially. I can assign the correct role, admin or monitor, however, if no role is assigned(you login with a user who should be denied, it works).  Just make sure in the SilverPeak auth setting to configure Authorization source to Remote Only. 


Here is the TACACS Dictionary: 


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="">
<TipsHeader exportTime="Tue Nov 21 10:55:20 EST 2017" version="6.6"/>
<TacacsServiceDictionary dispName="SilverPeak:IP" name="silverpeak:ip">
<ServiceAttribute dataType="String" dispName="role" name="role"/>


In your enforcement policy the role is either 'admin' or 'monitor'




Search Airheads
Showing results for 
Search instead for 
Did you mean: