06-06-2018 08:22 AM
TACACS
I have some Aruba 5412R switches deployed and I have successfully configured aaa authentication through our RADIUS server for TACACS access. However, whenever someone logs into the web access, it only allows that person in as an operator, not as a manager, thus prohibiting any changes via the web interface... we like to use this feature for the CLI-challenged, change a vlan, modify a port description, etc. There must be some command(s) I am missing... please help.
06-18-2018 09:47 AM
Re: TACACS
Did you try the "aaa authentication web login radius" command?
06-19-2018 12:21 AM
Re: TACACS
Hi,
can you share your configuration?
07-25-2018 11:40 AM - edited 07-25-2018 12:08 PM
Re: TACACS
This is what I have configured...(sorry...I haven't gotten back as soon as I wanted, but other projects have taken precedence). Now, the web login screen comes up, but no one, including myself, can even log in via the web interface, with RADIUS credentials nor the original manager username and password that I originally configured. After I enter credentials, it gives the appearance that it logs in, but then loops back to the login screen. CLI ssh access, however, works flawlessly.
radius-server host XXX.XX.X.XXX key "XXXXXXXXXXX"
tacacs-server host XXX.XX.X.XXX key "XXXXXXXXXXX"
no telnet-server
aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs
aaa authentication login privilege-mode
aaa authentication web login radius
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs
07-25-2018 03:39 PM
Re: TACACS
Upon further review, it may only be the fact that we need to add a policy to CPPM...when that person (not all of us have access) comes back from his vacation, I will give that a shot. But thanks for your input...
10-25-2018 01:23 PM
Re: TACACS
So...this is what I currently have configured on one of my Aruba 5412R ZL2 switches. I have configured/modified the 'manager' account with a password for console access. I used to (but cannot anymore) be able to log in via the web...I prefer CLI, some of the upper management are CLI-challenged...
I can ssh into any of the two dozen zl2 switches (eventually will be about 150) that I have deployed utilizing TACACS access/credentials, which is bounced off our Active Directory...it seems that the--
aaa authentication web login radius
aaa authentication web enable radius
--commands have prohibited me from logging in to the switch via the web altogether.
radius-server host xxx.xx.x.xx key "shared key"
tacacs-server host xxx.xx.x.xxx key "shared key"
no telnet-server
aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs
aaa authentication web login radius
aaa authentication web enable radius
aaa authentication login privilege-mode
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs
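
An added example, not part of any post in this thread and not HPE tooling: a short Python check that reads the AAA lines from the last configuration posted above and lists, per access method, which server type is used and whether a secondary method is set. It assumes the ArubaOS-Switch form `aaa authentication <access> <login|enable> <primary> [<secondary>]`; the names `parse_aaa` and `audit` are made up for the example.

```python
import re

# Constructed sample: AAA lines from the last post (server lines and keys omitted).
SAMPLE_CONFIG = """\
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs
aaa authentication web login radius
aaa authentication web enable radius
aaa authentication login privilege-mode
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs
"""

# Assumed syntax: aaa authentication <access> <login|enable> <primary> [<secondary>]
AUTH_RE = re.compile(
    r"^aaa authentication (?P<access>console|telnet|ssh|web) "
    r"(?P<level>login|enable) (?P<primary>\S+)(?: (?P<secondary>\S+))?$"
)

def parse_aaa(config):
    """Return ({(access, level): (primary, secondary)}, privilege_mode)."""
    methods, privilege_mode = {}, False
    for line in config.splitlines():
        line = line.strip()
        if line == "aaa authentication login privilege-mode":
            privilege_mode = True
            continue
        m = AUTH_RE.match(line)
        if m:  # accounting and other lines are ignored
            methods[(m["access"], m["level"])] = (m["primary"], m["secondary"])
    return methods, privilege_mode

def audit(config):
    """List the points to check against the RADIUS/TACACS+ server policy."""
    methods, privilege_mode = parse_aaa(config)
    findings = []
    for (access, level), (primary, secondary) in sorted(methods.items()):
        if secondary is None:
            findings.append(f"{access} {level}: {primary} only, no secondary method")
    servers = {primary for primary, _ in methods.values()}
    if len(servers) > 1:
        findings.append("mixed server types: " + ", ".join(sorted(servers)))
    if privilege_mode:
        findings.append("login privilege-mode set: level is taken from the server reply")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```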