Contributor I

Ruckus Smart Zone TACACS+ with ClearPass

Hi guys,

We have one Ruckus Smart Zone 300 (3.6.1) Wireless Controller and one ClearPass (6.7.1) cluster. We would like to use TACACS+ authentication for login.

I created the TACACS service and so on... But I always get an error and the authentication doesn't work. I attached two screenshots with alerts. I use 3 auth sources, so the auth source alert isn't relevant here. And I attached the Enforcement Profile too. Does anybody have any information on how I should configure the Enforcement Profile?

Thanks,
Balazs
Occasional Contributor I

Re: Ruckus Smart Zone TACACS+ with ClearPass

Were you ever able to figure this out? I'm currently working on TACACS config for Ruckus VSZ-E 5.0 and was hoping to find some reference materials. If I'm not mistaken, from what I've read, the privilege level is not the proper attribute to return to the SmartZones... that was used for the ZoneDirectors.

CWNA | CWSP | CWAP | CWDP | CCNA RS | CCNP Wireless
Contributor I

Re: Ruckus Smart Zone TACACS+ with ClearPass

Yep, it works for me now with a little compromise. You should configure a local user (on Ruckus) with a realm (e.g. tacacs) and a group (e.g. ReadWrite). I attached screenshots. If these settings are OK, then you should configure a TACACS Dictionary on CPPM with the realm name (e.g. tacacs:ip). You can see it in the attached picture. Then you should create an enforcement profile. It works well, but without the user-name option it doesn't work.

I would like to handle the user-name dynamically, but it doesn't work with a variable like %{Authentication:Username}

Does anyone have information regarding this? Is ClearPass able to handle variables in TACACS Enforcement Profile attributes?

(Hope it helps)

Thanks,
Balazs
Occasional Contributor I

Re: Ruckus Smart Zone TACACS+ with ClearPass

Thanks! I'll check out what you sent. It sounds like they use the username created on the controller as a template for rights. I had to do something similar when doing TACACS on Juniper switches.

CWNA | CWSP | CWAP | CWDP | CCNA RS | CCNP Wireless