Occasional Contributor I

Getting TACACS+ to work with Cisco ACS

I am trying to get my controllers to use my Cisco ACS (v 5.6.0.22) to allow admin login. I have the controller side of things configured with a matching password and the TACACS server defined as outlined below.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/TACACS-Session-Authorization/td-p/33536

 

I have the Aruba-Admin-Role=root and the device set but the issue I am having is finding where on the ACS that I set the matching rule for the part outlined below.

 

"The request will include two fields, which you'll need to configure on the TACACS server as a matching rule:

  service=aruba

  protocol=common"

 

Anyone have any experience with this product and can point me in the right direction?
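For reference, the authorization exchange the quoted passage describes, as an added example that is not from the thread or from Aruba or Cisco. It parses a TACACS+ authorization REQUEST body using the RFC 8907 layout, applies the `service=aruba` / `protocol=common` rule, and builds a PASS_ADD reply carrying `Aruba-Admin-Role=root`. Assumptions: the body is already de-obfuscated (on the wire it is obfuscated with the shared key), the role is returned as a reply argument, and the user, port and address in the sample are constructed.

```python
import struct

PASS_ADD, FAIL = 0x01, 0x10  # RFC 8907 authorization reply status codes

def build_author_request(user, port, rem_addr, args):
    """Build an unobfuscated authorization REQUEST body (used for the sample)."""
    parts = [s.encode("ascii") for s in (user, port, rem_addr, *args)]
    # authen_method=TACACSPLUS(6), priv_lvl=1, authen_type=ASCII(1), service=LOGIN(1)
    head = bytes([0x06, 1, 0x01, 0x01, *map(len, parts[:3]), len(args)])
    return head + bytes(map(len, parts[3:])) + b"".join(parts)

def parse_author_request(body):
    """Parse an unobfuscated authorization REQUEST body (RFC 8907, section 6.1)."""
    if len(body) < 8:
        raise ValueError("truncated fixed header")
    priv_lvl, (ulen, plen, rlen, argc) = body[1], body[4:8]
    arg_lens = body[8:8 + argc]
    pos = 8 + argc
    if len(body) != pos + ulen + plen + rlen + sum(arg_lens):
        raise ValueError("length fields do not match body size")
    fields = []
    for n in (ulen, plen, rlen, *arg_lens):
        fields.append(body[pos:pos + n].decode("ascii"))
        pos += n
    user, port, rem_addr, *args = fields
    return {"user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "args": args}

def split_arg(arg):
    """Split 'attr=value' (mandatory) or 'attr*value' (optional) at the first separator."""
    for i, ch in enumerate(arg):
        if ch in "=*":
            return arg[:i], arg[i + 1:]
    raise ValueError(f"argument without separator: {arg!r}")

def build_author_reply(status, args):
    """status, arg_cnt, server_msg_len, data_len, arg lengths, then the arguments."""
    enc = [a.encode("ascii") for a in args]
    return struct.pack("!BBHH", status, len(enc), 0, 0) + bytes(map(len, enc)) + b"".join(enc)

def authorize(body, role="root"):
    """Matching rule from the post: service=aruba and protocol=common."""
    av = dict(split_arg(a) for a in parse_author_request(body)["args"])
    if av.get("service") == "aruba" and av.get("protocol") == "common":
        return build_author_reply(PASS_ADD, [f"Aruba-Admin-Role={role}"])
    return build_author_reply(FAIL, [])

# Constructed sample: user, port and address are made up for illustration.
SAMPLE = build_author_request("admin", "tty0", "192.0.2.10", ["service=aruba", "protocol=common"])
```

Comparing the arguments parsed from a decrypted capture with the rule on the TACACS+ server shows whether a failure is in the match or in the returned attribute.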

 

Guru Elite

Re: Getting TACACS+ to work with Cisco ACS

Quite frankly, all you need is a positive response from the TACACS server and the controller will let you in. Have you already accomplished that and you want to fine-tune the roles?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor I

Re: Getting TACACS+ to work with Cisco ACS

I seem to be having issues just getting the darn ACS to respond. I have added the TACACS server under the Security > Authentication > Servers tab. I have checked and double-checked that the keys are correct and tried both ports 49 and 4949. If I don't have to mess with all those other settings and I should be getting the default root group assigned to an approved connection, I am not sure what else I need to be doing.

Guru Elite

Re: Getting TACACS+ to work with Cisco ACS

Here is a pic of the minimum parameters you need configured. Please ignore that a RADIUS server, NPS, is configured. You just need to have a TACACS server in its place in the server group.

radius.png

 


Occasional Contributor I

Re: Getting TACACS+ to work with Cisco ACS

Thank you for the reply. I have the Aruba side configured and set up, and if I do a test from the diagnostic tab to the server I can see communications to the ACS. I am thinking I have something not configured correctly on the ACS. I added a custom attribute of Aruba-Admin-Role but it does not seem to work. Do I even need that, and if not, what common tasks do I need to add?

 

I guess what I am looking for is what do I need to set on the ACS side to get it to work with Aruba equipment? Any guides online that I can look at?

New Contributor

Re: Getting TACACS+ to work with Cisco ACS

Hi,

Did you fix the problem? Because I have the same issue. Authentication is working but authorization is not working.
