Security

Reply
Highlighted
Contributor I

Mobility Master with Clearpass as TACACS+

Hey Guys,

 

I'm trying to separate the access to our MM with Tacaca's based authentication. The authentication itself is working perfectly but I have some issues with restricting the access.

 

Setup:  We have multiple MD's in our hierarchy for different regions and I want to restrict the access for each MD so onsite-engineers can access the MM but only see one specific MD and are only able to use ap-provisioning commands on GUI and CLI.

 

Right now I'm sending from Clearpass "Aruba-Admin-Role" = ap-provisioning within my tacacs service which should trigger the default admin role on MM "ap-provisioning". The user can access now the MM GUI but he doesn't see any information also not for ap-provisioning. He can log in as well to the local controller CLI and performing ap-provisioning commands.

 

Do you guys have an idea of how I could solve this with tacacs?

Thanks in advance!

Maik

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: