Hello!
I have created the policy for my Aruba switch SSH login via Cisco ISE. I have played around but cannot get it working.
Right now I have modified it to the simplest but still it doesn't work.
So I have the following configuration.
Policy Set name: Access-for-Switches
Condition: If device-location EQUALS OFFICE-BUILDING
AND
Device Type EQUALS ARUBA-SWITCHES
Default Network Access
Authentication Policy
Default
USE: My-company-sequence (containing my AD)
AUTHORIZATION Policy:
condition:
IF AD:EXTERNALgroups EQUALS IT-Admin
Results:
Aruba: Aruba-Priv-Admin-Role = root
Attributes Details
Access Type = ACCESS_ACCEPT
Aruba-Admin-Role = root
Error:
Event 5400 Authentication failed
Failure Reason 15039 Rejected per authorization profile
I have also tried with different options but no success.
Please suggest in this case.
Thanks
The following settings worked for me.
Network Device Profile = Cisco
Access Type = ACCESS_ACCEPT
Service-Type = 6
Thanks.
Not sure how it's set to SOLVED.
Anyway, to me the issue looks like it is in the condition.
condition:
IF AD:EXTERNALgroups EQUALS IT-Admin
Results:
Aruba: Aruba-Priv-Admin-Role = root
Attributes Details
Access Type = ACCESS_ACCEPT
Aruba-Admin-Role = root
I can understand it's more towards Aruba about the privilege access level RADIUS value but so far I am not able to find anything.