• Author : Tamas Plugor

 
 

CVP AAA TACACS+ authorization with Cisco ISE

CVP AAA TACACS+ authorization with Cisco ISE Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.   NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...
Continue reading →

ClearPass TACACS+ Authorization with CVP

ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →

Writing your own webhook relay – sending event alerts to Discord

Writing your own webhook relay – sending event alerts to Discord   Introduction Starting from version 2018.2.0, CVP supports configuring event alerts, where receivers can be email, Slack, PagerDuty, webhooks and others. The purpose of this article is to demonstrate how easy it is to write your own webhook relay app that will forward alerts to your favorite webhook endpoint, in my case, a Discord channel. Discord is getting more and more popular, not only amongst gamers, but also lots of companies started to use it. I’ve been using it for a couple of years now, and it made sense...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: