  • 1.  Replacing CiscoACS with ClearPass

    Posted Dec 27, 2018 10:17 AM

    We are in the process of replacing Cisco ACS with ClearPass for TACACS authentication on our switches. We came back from Xmas break to find our Cisco ACS server deader than a doornail. I am wondering if we could add the IP of the old Cisco ACS server to the new ClearPass server and have it take over RADIUS requests for the switches.

    It's been a while since I have set this up, but I'm thinking there will be a shared secret between the switches and the old Cisco ACS to handle encryption. So, why couldn't we set up the ClearPass server the same way as the old ACS server to work around this problem without having to console into every switch we have to reconfigure them?

     

    Thanks

    John



  • 2.  RE: Replacing CiscoACS with ClearPass

    Posted Dec 28, 2018 05:39 AM

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=7658

     

    Follow the Technote document to create a TACACS service in CPPM. Using the same IP as ACS on CPPM does not help. We have to add the switch IP details in CPPM and vice versa with the same shared secret key, create a TACACS service with an authentication source, and send the proper role in the enforcement profile.
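
The shared-secret requirement discussed in this thread, as an added example that is not part of either post or of the Aruba technote: TACACS+ (RFC 8907, section 4.5) obfuscates each packet body by XOR with a chained-MD5 pad derived from the session ID, the shared key, the version and the sequence number, so a server holding a different key recovers a body whose length fields do not add up. All keys, addresses and usernames below are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    # RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    # MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), concatenated.
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < length:
        last = hashlib.md5(prefix + last).digest()
        pad += last
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    # Obfuscation and de-obfuscation are the same XOR with the pad.
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def start_body(user, port, rem_addr):
    # Authentication START body: action, priv_lvl, authen_type, authen_service,
    # then four length bytes, then the variable fields (data left empty).
    fixed = bytes([0x01, 0x01, 0x01, 0x01, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def lengths_consistent(body):
    # A receiver with the wrong key sees length fields that do not add up.
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

# Constructed sample values, not taken from any real device.
VERSION, SEQ_NO, SESSION_ID = 0xC0, 1, 0x1A2B3C4D
SWITCH_KEY = b"example-shared-secret"
clear = start_body(b"netadmin", b"tty1", b"192.0.2.10")
on_wire = xor_body(clear, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)

# Server configured with the switch's key versus a server with another key.
same_key = xor_body(on_wire, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
other_key = xor_body(on_wire, SESSION_ID, b"different-secret", VERSION, SEQ_NO)

if __name__ == "__main__":
    print("same key  :", lengths_consistent(same_key), same_key)
    print("other key :", lengths_consistent(other_key), other_key.hex())
```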