購入する または契約更新する
購入する または契約更新する
キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
次の代わりに検索 
もしかして: 
cancel
投稿メッセージを作成する
3936
閲覧回数
0
いいね!
7
返信

Aruba Switch ssh Authentication via Cisco ISE 2.4 Radius

解決策を見る
Capricorn
Level 1
Level 1

‎10-03-2019 04:04 AM ‎10-03-2019 04:07 AM 更新

Hello!

 

I have created the policy for my Aruba switch ssh login via Cisco ISE. I have played around but cannot get it working.

Right now I have modified it to simipliest but still it doesnt work.

So I have the following configuration.

Policy Set name: Access-for-Switches

Condition: If device-location EQUALS OFFICE-BUILDING

      AND

               Device Type EQUALS ARUBA-SWITCHES

Default Network Access

Authentication Policy

 Default

      USE: My-company-sequence (containing my AD)

 

AUTHORIZATION Policy:

condition:

IF AD:EXTERNALgroups EQUALS IT-Admin

Results:

Aruba: Aruba-Priv-Admin-Role = root

Attributes Details

Access Type = ACCESS_ACCEPT
Aruba-Admin-Role = root

Error:

 

Event 5400 Authentication failed
Failure Reason 15039 Rejected per authorization profile

 

I have also with different option but no success.

 

Please suggest in this case.

 

Thanks

ラベル:
0 いいね!
2 件の受理された解決策

受理された解決策

解決策を見る
Damien Miller
VIP Alumni
VIP Alumni

‎10-03-2019 06:06 PM

You may have to use "contains" or "end with" as the logic operand in device location and device type conditions because they are sub groups to the parents. I'm just assuming right now that they aren't an exact match because a device typically sits under all device types or all locations.

元の投稿で解決策を見る

0 いいね!

解決策を見る
Capricorn
Level 1
Level 1
Capricornに対する応答

‎10-06-2020 09:08 AM

The following settings worked for me.

Network Device Profile = Cisco
Access Type = ACCESS_ACCEPT
Service-Type = 6

元の投稿で解決策を見る

0 いいね!
7件の返信7

解決策を見る
Damien Miller
VIP Alumni
VIP Alumni

‎10-03-2019 06:06 PM

You may have to use "contains" or "end with" as the logic operand in device location and device type conditions because they are sub groups to the parents. I'm just assuming right now that they aren't an exact match because a device typically sits under all device types or all locations.
0 いいね!

解決策を見る
Capricorn
Level 1
Level 1
Damien Millerに対する応答

‎10-09-2019 12:17 AM

Thanks.

 

Not sure how its set to SOLVED.

 

Anyways to me the issue look like in the condition.

 

condition:

IF AD:EXTERNALgroups EQUALS IT-Admin

Results:

Aruba: Aruba-Priv-Admin-Role = root

Attributes Details

Access Type = ACCESS_ACCEPT
Aruba-Admin-Role = root

 

I can understand its more towards Aruba about the privilege access level radius value but so far I am not able to find anything.

0 いいね!

解決策を見る
Jason Kunst
Cisco Employee
Cisco Employee
Capricornに対する応答

‎10-25-2019 03:39 AM

i would check with aruba to see what they need
0 いいね!

解決策を見る
Capricorn
Level 1
Level 1
Jason Kunstに対する応答

‎11-11-2019 05:58 AM

Thanks. Did you get reply from them?
0 いいね!

解決策を見る
Capricorn
Level 1
Level 1
Capricornに対する応答

‎10-06-2020 09:08 AM

The following settings worked for me.

Network Device Profile = Cisco
Access Type = ACCESS_ACCEPT
Service-Type = 6

0 いいね!

解決策を見る
Romanpreet Singh
Level 1
Level 1

‎09-05-2024 08:26 AM

I have the same issue. Did we ever find what attributes to use for Aruba radius authentication?

Service-Type=6 doesn't work with Aruba.

0 いいね!

解決策を見る
Capricorn
Level 1
Level 1
Romanpreet Singhに対する応答

‎09-06-2024 12:19 AM

This worked for me on Aruba 2540, 2930.

Network Device Profile = Cisco
Access Type = ACCESS_ACCEPT
Service-Type = 6

Which model do you have and what condition you are using so I can compare it with my settings.

0 いいね!
Customers Also Viewed These Support Documents