• Tag : TACACS+

 
 

tacacs over vrf

I am trying to configure TACACS over a vrf and for some reason no packets are being sent (all of the TACACS counters are zero). Any ideas what might be wrong?

    tacacs-server timeout 2
    tacacs-server host 10.136.216.38 key 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
    tacacs-server host 10.184.103.198 key 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
    !
    aaa group server tacacs+ group1
       server 10.184.103.198 vrf management
    !
    aaa group server tacacs+ group2
       server 10.136.216.38 vrf management
    !
    aaa authentication login default group group1 group group2 local
    aaa authentication enable default group group1 group group2 local
    aaa authorization exec default group group1 group group2 local
    aaa accounting exec default start-stop group...

CVP AAA TACACS+ authorization with Cisco ISE

Introduction

We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so that TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.

NOTE: If you are running CVP versions 2018.2.0 and 2018.2.1, you might hit BUG 345723, due to which the tacacs-provider authorization does not check for the TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...

ClearPass TACACS+ Authorization with CVP

Introduction

The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...

Arista CVP talking to TACACS

Hi,

We have got CVP 2016.1.1 talking to Cisco TACACS+ with Authentication Tacacs Authorization Local, and the “test” button works fine. We get to log in, but as a User (not admin).

What tweaks do we need to make to uplift the users to Admin? With Authentication Tacacs Authorization Tacacs, CVP gives a RuntimeException.

Thanks
Andrew

Introduction to Managing EOS Devices – Setting up Management

Note: This article is part of the Introduction to Managing EOS Devices series: https://eos.arista.com/introduction-to-managing-eos-devices/

1) Setting Up Management

The following management tools are available on Arista EOS for all platforms:

• VRF-aware management
• Telnet and SSH
• Syslog and Console Logging
• SNMP Versions 1 and 3
• NTP
• DNS
• Local and remote user control (AAA)
• TACACS+, RADIUS
• sFlow
• XMPP
• eAPI

Note: in the following configuration examples, the commands in square brackets are optional: [optional]

1.1) VRF Aware Management

As of release 4.10.1, EOS supports the ability to constrain management functions to a VRF. This enables the user to separate management based functions...
