07-12-2017 03:37 AM
I was wondering if you could advise me on how to set up a TACACS service on ClearPass.
The TACACS service would be used to authenticate users who want to log into switches with their AD account. The switches are Alcatel switches.
When I go to set up the service for TACACS, I select “TACACS+ Enforcement”. I am not sure how to set up the service rule/conditions that deal with authentication requests coming from a device, but I have come up with the following:
Would this service rule work:
Value= This would be a static host list that has been created
I will then also enable “Authorization”
The static host list would be created based on subnet.
The authentication would then be AD
The authorization would then be AD
The roles would then be if “Authorization:AD:member of contains Technical”
I am not sure what would be used for enforcement as when I go to create this I get the following. Please see attached picture.
What do I set for privilege level?
What do I set for selected services?
What do I set for authorize attribute service?
What do I set for service attributes?
What do I then set up for Enforcement policies?
I hope the above makes sense and you guys can advise me further.
Re: Clearpass TACACs service setup
07-12-2017 04:24 AM
Hope this helps,
07-13-2017 12:58 AM
And another example for ArubaOS switch in this video:
Alcatel switch manual is here. It doesn't mention special requirements, so returning privilege level 15 and service Shell would be my first try. Then under commands, 'Permit unmatched commands'. That is pretty basic. Some switches require more specific information; in the video, for example, we had to add priv-lvl=15 as a Service attribute to skip the enable prompt, but that is specific to ArubaOS switches.
Hope this helps you in the right direction.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.