Computer and IT knowledge - things to know
1) Switch settings
tacacs-server host 192.168.2.10 vrf xyz
tacacs-server host 192.168.2.11 vrf xyz
tacacs-server key plaintext xyzxyzxyz
tacacs-server auth-type pap #pap is default - statement not needed
aaa group server tacacs group-tacacs
server 192.168.2.10 vrf xyz
server 192.168.2.11 vrf xyz
aaa authentication login default group group-tacacs local
aaa authentication allow-fail-through
1.1) to verify user permissions, after successful logon run command: show user information
to see which groups are available on cx switch run command:
show user-group
GROUP NAME GROUP TYPE INCLUDED GROUP NUMBER OF RULES
-------------- -------------- ------------------ -------------------
administrators built-in n/a n/a
auditors built-in n/a n/a
operators built-in n/a n/a
2) on Tacacs server side return the right attributes
2.1) clearpass Enforcement Profile:
Action: Accept
Service Attributes: Aruba:Common Aruba-Admin-Role = administrators
>> the important part is the service attribute "Aruba:Common" and the role "administrators"
computer2know :: thank you for your visit :: have a nice day :: © 2024