New Contributor

airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

Hello Community. I have the following problem:

I enabled TACACS+ auth for SSH on my Aruba lab switch.

Successful:

Authentication via domain user on the lab switch via SSH with the correct username / password.

I get the request to my ClearPass and the ClearPass replies with priv lvl 15 without a problem.

Fail:

AirWave tries to access with the same authentication - same domain user / password as configured in AirWave for the regarding switch.

The service on my ClearPass takes the request and... rejects with error 202 username password mismatch... can't figure out why.

Can someone help?

 

Greetings Hecatonchires

Super Contributor II

Re: airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

This should work. Are you sure the password is correct? I see that there is a ! in the username. Maybe this gives some issues.

You can create a pcap of the TACACS request and decrypt the request using the TACACS secret to see if the password is correct.

Have you configured the following at the switch?

aaa authentication login privilege-mode

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
New Contributor

Re: airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

Hello!

Thanks for the reply!

"You can create a pcap of the TACACS request and decrypt the request using the TACACS secret to see if the password is correct."

- Oh my... really just don't know how to achieve this fast :D

I also thought about the "!" in the username, so I changed everything, even the password on the specified user.

I can't get it to work.

For the TACACS+ auth the shared secret between the switch and the ClearPass is used, if I am right... so the AirWave server should not be involved in this process. He's just the one trying to make an SSH session - if I am right.

There must be something wrong with the password submitted.

New Contributor

Re: airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

In the last screenshot you can see a classical "putty"-ssh session which works like a charm and the failed ssh session request via airwave. Double and triple checked password user credentials...

Super Contributor II

Re: airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

You can run a PCAP at ClearPass. See the following article for this.

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-take-a-customized-packet-captures-in-ClearPass-Policy/ta-p/283282

When you have a PCAP you can use the shared secret to decrypt the TACACS request and confirm the username and password.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
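
The decryption step suggested above, as an added example that is not part of the original posts: TACACS+ bodies are XORed with an MD5-derived pad built from the session ID, shared secret, version and sequence number (RFC 8907), so captured login packets can be decoded offline to see exactly which username and password reached ClearPass. The key, username, password and packets below are constructed sample values, and `build` is a hypothetical helper that only creates that sample input.

```python
import hashlib

def crypt_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """RFC 8907 obfuscation: XOR the body with an MD5 chain (same call both ways)."""
    if header[3] & 0x01:  # TAC_PLUS_UNENCRYPTED_FLAG: body is already clear text
        return body
    # Pad seed order per the RFC: session_id, key, version, seq_no
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_authen(packet: bytes, key: bytes) -> dict:
    """Decode one client-side authentication packet (START or CONTINUE)."""
    if (len(packet) < 12 or packet[1] != 1 or packet[2] % 2 == 0
            or int.from_bytes(packet[8:12], "big") != len(packet) - 12):
        raise ValueError("not a complete client authentication packet")
    length = len(packet) - 12
    clear = crypt_body(packet[:12], packet[12:], key)
    if packet[2] == 1:  # START: 8 fixed bytes, then user, port, rem_addr, data
        if 8 + sum(clear[4:8]) != length:
            raise ValueError("field lengths do not add up: wrong shared secret?")
        user_len, port_len, rem_len, _ = clear[4:8]
        data_at = 8 + user_len + port_len + rem_len
        # With PAP the password travels here in data; with ASCII login it is empty
        return {"kind": "START", "user": clear[8:8 + user_len].decode(),
                "data": clear[data_at:]}
    # CONTINUE: user_msg_len(2), data_len(2), flags(1), user_msg, data
    msg_len = int.from_bytes(clear[0:2], "big")
    data_len = int.from_bytes(clear[2:4], "big")
    if 5 + msg_len + data_len != length:
        raise ValueError("field lengths do not add up: wrong shared secret?")
    # In an ASCII login the reply to the password prompt is the user_msg
    return {"kind": "CONTINUE", "user_msg": clear[5:5 + msg_len].decode()}

def build(seq_no: int, clear: bytes, key: bytes) -> bytes:
    """Construct a sample packet (version 0xC0, type 1 = authentication)."""
    header = bytes([0xC0, 1, seq_no, 0]) + b"\x12\x34\x56\x78" + len(clear).to_bytes(4, "big")
    return header + crypt_body(header, clear, key)

# Constructed sample values, not taken from the thread
KEY, USER, PASSWORD = b"constructed-lab-secret", b"lab!admin", b"Lab!Pass1"
START_PKT = build(1, bytes([1, 1, 1, 1, len(USER), 3, 10, 0]) + USER + b"ssh" + b"192.0.2.10", KEY)
CONTINUE_PKT = build(3, len(PASSWORD).to_bytes(2, "big") + bytes(3) + PASSWORD, KEY)

if __name__ == "__main__":
    for pkt in (START_PKT, CONTINUE_PKT):
        print(parse_authen(pkt, KEY))
```

Feed it the raw TCP payload of each client packet from the capture (port 49). A length error on a complete packet usually means the secret used for decoding differs from the one the switch used.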
New Contributor

Re: airwave 'backup config' via TACACS+ auth. via clearpass on aruba switch

Thanks for the hint...

Yesterday night I made an update to AirWave to version 8.2.8.1 and today to 8.2.8.2 ... it doesn't even try to back up the config anymore.

Will file a TAC request. Changing SSH credentials in AirWave for a single switch also takes ages... there seems to be something really buggy.
