cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5144
Views
5
Helpful
4
Replies

ISE with Aruba Clearpass TACACS

James Davies
Level 1
Level 1

To manage one of our clients, we use our ISE (2.7) to manage the Clearpass device, but users are not logging on, the Policy is being hit, but doesnt show in the logs and the user is refused login,

 

I created a TACACS Profile with the AV Pair " AdminPrivilege=Super Administrator " but I suspect this is wrong, I cannot find information anywhere on what TACACS profile to use for this!

 

Any help appreciated,.

2 Accepted Solutions

Accepted Solutions

Arne Bier
VIP
VIP

Have you seen this article in Aruba Airheads?  It appears that the response from a TACACS+ server to Clearpass has to be quite specific. I have not done it myself though

View solution in original post

James Davies
Level 1
Level 1
 

The solution was to create a TACACS PROFILE like this: Took me all day, but it worked for me

aruba.PNG

 

View solution in original post

4 Replies 4

Arne Bier
VIP
VIP

Have you seen this article in Aruba Airheads?  It appears that the response from a TACACS+ server to Clearpass has to be quite specific. I have not done it myself though

James Davies
Level 1
Level 1
 

The solution was to create a TACACS PROFILE like this: Took me all day, but it worked for me

aruba.PNG

 

Sorry to bring up an old thread. What does your Clearpass TACACS service for Management Logins look like? Authentication is hitting ISE and passing, but Clearpass is failing stating the user cannot be found.

Disregard my last. I figured out my issue. I had to set the device to "Single Connect Mode". Without that the authorization was failing with a TCP RST.