Wired Intelligent Edge (Campus Switching and Routing)

Reply
Aruba Employee

TACACS with Cisco ISE and ArubaOS-Switch

Hello everyone,

 

This guide below is how to set up TACACS with ArubaOS-Switch using Cisco ISE.  

 

 

 

Was missing Some Commands from the Document 

"aaa authentication login privilege-mode"

"aaa authorization commands tacacs"

 

Highlighted
Occasional Contributor II

Re: TACACS with Cisco ISE and ArubaOS-Switch

Do you have guide for Aruba Device Management via Cisco ISE?

Highlighted
MVP Guru Elite

Re: TACACS with Cisco ISE and ArubaOS-Switch


@capricorn80 wrote:

Do you have guide to Aruba Deve Management via Cisco ISE?


What do you need ?



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: TACACS with Cisco ISE and ArubaOS-Switch

I am trying to setup Aruba 2540 and 2930 ssh admin login via Cisco ISE using radius. Also web login if possible.

Get Outlook for iOS
Highlighted
MVP Guru Elite

Re: TACACS with Cisco ISE and ArubaOS-Switch

it is the same config... but replace TACACS by RADIUS ;-)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: TACACS with Cisco ISE and ArubaOS-Switch

Thanks but I dont have Tacas option like like Jr_admin Profile.

I have created Result condition as below but it doesnt work.

 

Aruba: Aruba-Priv-Admin-Role = root

Attributes Details

Access Type = ACCESS_ACCEPT
Aruba-Admin-Role = root

 

 

Highlighted
MVP Guru Elite

Re: TACACS with Cisco ISE and ArubaOS-Switch

it is for Aruba Switch ?

you need to add push like a Cisco switch shell-privilege



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: TACACS with Cisco ISE and ArubaOS-Switch

Yes its for Aruba Switch.

 

Cisco priv works like this.

 

Access Type = ACCESS_ACCEPT
cisco-av-pair = shell:priv-M=15

 

Tried with HP radius option.

Access Type = ACCESS_ACCEPT
HP-Privilege-Level = 15

 

did not work.

Highlighted
MVP Guru Elite

Re: TACACS with Cisco ISE and ArubaOS-Switch

use cisco-av-pair for HP Switch



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: TACACS with Cisco ISE and ArubaOS-Switch

Thanks but I am getting it.

 

The Cisco AV pair for shell access is:

cisco-av-pair = shell:priv-M=15

 

I have tried it but it didnt work.

 

Can you please tell me the exact format?