Hi Community,
I was wondering if you could advise me on how to set up a TACACS service on ClearPass.
The TACACS service would be used to authenticate users who want to log into switches with their AD account. The switches are Alcatel switches.
When I go to set up the service for TACACS, I select “TACACS+ Enforcement”. I am not sure how to set up the service rule/conditions that deal with authentication requests coming from a device, but I have come up with the following:
Would this service rule work:
Type=Authentication
Name=Source
Operator=BELONGS_TO
Value= This would be a static host list that has been created
I will then also enable “Authorization”
The static host list would be created based on subnet.
The authentication would then be AD
The authorization would then be AD
The roles would then be if “Authorization:AD:member of contains Technical”
I am not sure what would be used for enforcement as when I go to create this I get the following. Please see attached picture.
What do I set for privilege level?
What do I set for selected services?
What do I set for authorize attribute service?
What do I set for service attributes?
What do I then set up for Enforcement policies?
I hope the above makes sense and you guys can advise me further.
Many Thanks