Mobility Master with ClearPass as TACACS+
07-16-2019 04:58 AM
I'm trying to separate the access to our MM with TACACS-based authentication. The authentication itself is working perfectly, but I have some issues with restricting the access.
Setup: We have multiple MDs in our hierarchy for different regions, and I want to restrict the access for each MD so on-site engineers can access the MM but only see one specific MD and are only able to use ap-provisioning commands in the GUI and CLI.
Right now I'm sending "Aruba-Admin-Role" = ap-provisioning from ClearPass within my TACACS service, which should trigger the default admin role "ap-provisioning" on the MM. The user can now access the MM GUI, but he doesn't see any information, not for ap-provisioning either. He can also log in to the local controller CLI and perform ap-provisioning commands.
Do you guys have an idea of how I could solve this with TACACS?
Thanks in advance!