Community
Aruba & ProVision-based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TACACS

 
Jeff-the-Dude
Jeff-the-Dude
Occasional Contributor

‎06-06-2018 08:22 AM

‎06-06-2018 08:22 AM

TACACS

I have some Aruba 5412R switches deployed and I have successfully configured aaa authentication through our RADIUS server for TACACS access. However, whenever someone logs into the web access, it only allows that person in as an operator, not as a manager, thus prohibiting any changes via the web interface....we like to use this feature for the CLI-challenged, change a vlan, modify a port description, etc.  There must be some command(s) I am missing,,,please help.

0 Kudos
Reply
5 REPLIES 5
racowi
racowi
Frequent Advisor

‎06-18-2018 09:47 AM

‎06-18-2018 09:47 AM

Re: TACACS

Did you tried "aaa authentication web login radius" command?

0 Kudos
Reply
maguanglongMike
maguanglongMike
HPE Pro

‎06-19-2018 12:21 AM

‎06-19-2018 12:21 AM

Re: TACACS

Hi,

can you share your configuration?

Accept or Kudo

0 Kudos
Reply
Jeff-the-Dude
Jeff-the-Dude
Occasional Contributor

‎07-25-2018 11:40 AM - edited ‎07-25-2018 12:08 PM

‎07-25-2018 11:40 AM - edited ‎07-25-2018 12:08 PM

Re: TACACS

This is what I have configured...(sorry...I haven't gotten back as soon as I wanted, but other projects have taken precedence).  Now, the web login screen comes up, but no one, including myself, can even login via the web interface, with RADIUS credentials nor the original manager username and password that I originally configured.  After I enter credentials, it gives the appearance that it logs in, but then loops back to the login screen.  CLI ssh access, however, works flawlessly.  

 

radius-server host XXX.XX.X.XXX key "XXXXXXXXXXX"

tacacs-server host XXX.XX.X.XXX key "XXXXXXXXXXX"
no telnet-server

aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs
aaa authentication login privilege-mode
aaa authentication web login radius
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs

0 Kudos
Reply
Jeff-the-Dude
Jeff-the-Dude
Occasional Contributor

‎07-25-2018 03:39 PM

‎07-25-2018 03:39 PM

Re: TACACS

Upon further review, it may only be the fact that we need to add a policy to CPPM...when that person (not all of us have access) comes back from his vacation, I will give that a shot.  But thanks for your input...

0 Kudos
Reply
Jeff-the-Dude
Jeff-the-Dude
Occasional Contributor

‎10-25-2018 01:23 PM

‎10-25-2018 01:23 PM

Re: TACACS

So...this what I currently have configured on one of my Aruba 5412R ZL2 switches.  I have configured/modified the 'manager' account with a password for console access.  I used to (but can not anymore) be able to log in via the web...I prefer CLI, some of the upper management are CLI-challenged...

I can ssh into any of the two dozen zl2 switches (eventually will be about 150) that I have deployed utilizing TACACS access/credentials, which is bounced off our Active Directory...it seems that the--

aaa authentication web login radius
aaa authentication web enable radius

--commands have prohibited me from logging in to the switch via the web altogether.

radius-server host xxx.xx.x.xx key "shared key"
tacacs-server host xxx.xx.x.xxx key "shared key"
no telnet-server
aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs

aaa authentication web login radius
aaa authentication web enable radius

aaa authentication login privilege-mode
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs

 

 

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.