New Member
Posts: 1
Registered: 03-06-2017

TACACS+ query BR-VDX6740/HPE Clearpass

Hi community,

We are in the middle of a project to replace a legacy Cisco ACS TACACS+ platform with a new HPE Clearpass platform.

We are faced with an issue of the HPE Clearpass server not returning a 'brcd-role' back to the BR-VDX6740 switch. We see the switch requesting a SHELL and brcd-role, but despite the HPE Clearpass server being configured with this, it only responds with the priv-lvl 15 and not the 'brcd-role' which results in the TACACS+ user assuming the 'User' role.

Just wondering if anyone else out there has managed to get this working? I've attached a screenshot showing the HPE Clearpass configuration. I'm hoping I've just got something configured incorrectly with the Clearpass as it works seamlessly with the Cisco ACS with the 'optional' attribute 'brcd-role = admin'.

Appreciate this isn't a Clearpass forum, just hoping somebody else has a similar configuration that can be shared.

Thanks guys

Brocade Moderator
Posts: 164
Registered: 06-30-2010

Re: TACACS+ query BR-VDX6740/HPE Clearpass

Hi Darren,

As far as I can tell you have a good handle on how this should work as you have had this previously configured under ACS.

I am afraid I am not familiar with HPE Clearpass but have quite a bit of experience with VDX and TACACS+ on other platforms.

Does HPE have the facility to configure the brcd-role as an optional argument rather than a mandatory argument? Having more than one mandatory argument configured as part of a single TACACS+ service can cause some authorization issues.

Also, what happens if you configure a TACACS+ service with only brcd-role = admin and remove priv-lvl = 15 altogether? Does this work for the VDX switches?

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
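The following is an added example, not code from this thread, from Brocade or from HPE. It models the TACACS+ authorization argument lists that the question and Mick's reply are discussing: in TACACS+ argument syntax (RFC 8907) `name=value` is a mandatory argument and `name*value` is an optional one. The parser and the role lookup are assumptions built for the demo; the only behaviour taken from the thread is that a reply without `brcd-role` leaves the VDX user in the default `User` role. The request and reply lists are constructed samples, including the "switch asks for shell and brcd-role" request, which is modelled as `service=shell` plus an optional, empty `brcd-role*`.

```python
"""Added example: parse TACACS+ authorization arguments and show which
server replies give the VDX switch a brcd-role and which leave it in 'User'."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class TacacsArg:
    name: str
    value: str
    mandatory: bool  # '=' separator -> mandatory, '*' separator -> optional


def parse_arg(raw: str) -> TacacsArg:
    """Split one argument on its first '=' or '*', whichever comes first
    (RFC 8907 argument syntax). Raises on an argument with no separator."""
    positions = [i for i in (raw.find("="), raw.find("*")) if i >= 0]
    if not positions:
        raise ValueError(f"malformed TACACS+ argument: {raw!r}")
    sep = min(positions)
    return TacacsArg(raw[:sep], raw[sep + 1:], raw[sep] == "=")


def parse_args(raw_args: Iterable[str]) -> List[TacacsArg]:
    return [parse_arg(a) for a in raw_args]


def effective_role(reply_args: Iterable[TacacsArg], default_role: str = "User") -> str:
    """Role the switch ends up with after the authorization REPLY.

    Assumption for this example: the switch takes brcd-role verbatim when the
    server sends a non-empty value; the thread states that without it the
    user lands in 'User'."""
    for arg in reply_args:
        if arg.name == "brcd-role" and arg.value:
            return arg.value
    return default_role


def missing_from_reply(request_args: Iterable[TacacsArg],
                       reply_args: Iterable[TacacsArg]) -> List[str]:
    """Names the client asked about that the server did not send back at all.
    Useful when comparing a packet capture of the REQUEST with the REPLY."""
    replied = {a.name for a in reply_args}
    return [a.name for a in request_args if a.name not in replied]


def has_multiple_mandatory(reply_args: Iterable[TacacsArg]) -> bool:
    """True when the reply carries more than one mandatory ('=') argument,
    the configuration Mick flags as a likely source of authorization trouble."""
    return sum(1 for a in reply_args if a.mandatory) > 1


# Constructed sample of what the VDX sends in its authorization REQUEST.
REQUEST = parse_args(["service=shell", "cmd*", "brcd-role*"])

# Constructed replies for the three configurations discussed in the thread.
REPLIES = {
    "ACS, optional brcd-role": ["priv-lvl=15", "brcd-role*admin"],
    "ClearPass as observed":   ["priv-lvl=15"],
    "both args mandatory":     ["priv-lvl=15", "brcd-role=admin"],
    "brcd-role only":          ["brcd-role=admin"],
}

if __name__ == "__main__":
    for label, raw in REPLIES.items():
        reply = parse_args(raw)
        print(f"{label:24s} role={effective_role(reply):6s} "
              f"missing={missing_from_reply(REQUEST, reply)} "
              f"multi-mandatory={has_multiple_mandatory(reply)}")
```

Running the script prints one line per scenario; the "ClearPass as observed" reply is the only one whose `missing` list contains `brcd-role` and whose role comes back as `User`, which is the symptom described in the question, while the "both args mandatory" reply is the one `has_multiple_mandatory` flags.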
