Wired Intelligent Edge

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------

Did you get this figured out?   I'm having same issue.

------------------------------
Alan Scott
------------------------------

Original Message:
Sent: Feb 23, 2021 09:30 AM
From: Christopher Calhoun
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------

Had the same problem, Clearpass required some tweaking to get TACACS working on the GUI.

This is what i have configured in CP, maybe it helps


Original Message:
Sent: Aug 18, 2021 03:49 PM
From: Alan Scott
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Did you get this figured out?   I'm having same issue.

------------------------------
Alan Scott

Original Message:
Sent: Feb 23, 2021 09:30 AM
From: Christopher Calhoun
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------

Thanks for sharing I will take a look at that.

------------------------------
Alan Scott
------------------------------

Original Message:
Sent: Aug 19, 2021 04:07 AM
From: Unknown User
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Had the same problem, Clearpass required some tweaking to get TACACS working on the GUI.

This is what i have configured in CP, maybe it helps


Original Message:
Sent: Aug 18, 2021 03:49 PM
From: Alan Scott
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Did you get this figured out?   I'm having same issue.

------------------------------
Alan Scott

Original Message:
Sent: Feb 23, 2021 09:30 AM
From: Christopher Calhoun
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------

Please try to add AMP:https role Admin into Services.

------------------------------
Give me a Kudo when this is useful.

Ratchapas
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

Original Message:
Sent: Aug 19, 2021 04:07 AM
From: mbaars
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Had the same problem, Clearpass required some tweaking to get TACACS working on the GUI.

This is what i have configured in CP, maybe it helps


Original Message:
Sent: Aug 18, 2021 03:49 PM
From: Alan Scott
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Did you get this figured out?   I'm having same issue.

------------------------------
Alan Scott

Original Message:
Sent: Feb 23, 2021 09:30 AM
From: Christopher Calhoun
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------

TACACS+ is for CLI, RADIUS will be GUI based like the HTTPS Web UI for the switch. You will want to create a Radius profile (Aruba RADIUS Enforcement) then its attributes will be Radius:Aruba Name: Aruba-User-Role and value=administrators. The CX switch has built in group for administrators called administrators. This enforcement profile will get you into the HTTP GUI using RADIUS, since TACACS is for only CLI.

Original Message:
Sent: Feb 23, 2021 09:30 AM
From: ccalhoun
Subject: Aruba CX Switch HTTPS TACACS Web Authentication

Having some trouble getting the HTTPS web authentication to work when logging into the switch GUI with TACACS but the local switch admin still works.

Anyone have any insight into this?

SSH TACACS works great after applying the fragmentation patch. I have allowed level 15 and administrator role in the enforcement profile I just do not see the attempt even making it to ClearPass for the web gui login. Nothing in the event viewer. Here are the CX switch commands I have deployed. 

aaa authentication login https-server group CP-TEST-TACACS local (Allow HTTPS Login from TACACS? then Local)
aaa authentication login ssh group CP-TEST-TACACS local (Allow SSH Login from TACACS then Local)
aaa authorization commands ssh group CP-TEST-TACACS (Authorize SSH commands against TACACS)
aaa accounting all-mgmt https-server start-stop group CP-TEST-TACACS (Account HTTPS mgmt commands to TACACS)
aaa accounting all-mgmt ssh start-stop group CP-TEST-TACACS (Account SSH mgmt commands to TACACS)
aaa accounting port-access start-stop interim 5 group CP-TEST-RADIUS (Account 802.1x port to RADIUS)





------------------------------
Christopher Calhoun
------------------------------