Cisco ISE – TACACS authentication

TACACS authentication in Cisco ISE was released in version 2.0. It requires a device administration license to be enabled.

Once the device administration license has been applied, select the checkbox for it under Administration – Deployment and select the ISE nodes.

 
The next step is to import your network devices. Cisco ISE requires the hostname, IP address and TACACS shared secret for each one. There is a template for bulk importing.

Now configure your network devices to use TACACS for authentication and/or authorisation. Use the TACACS host command to point them at the ISE servers, and configure the TACACS shared secret on each device.

You must now create a device administration policy that defines who can authenticate (e.g. internal or Active Directory users) and what those users are permitted to access (authorisation). This can be found under Work Centre.

Real-time TACACS authentication and authorisation can be viewed and monitored by selecting Operations – TACACS live log.
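
As an added example (not from the original post), this is a device-side configuration for the network device step above, assuming the devices run Cisco IOS or IOS-XE. The server names, group name, documentation-range addresses and bracketed secrets are placeholders.

```cisco
! Added example: assumes Cisco IOS / IOS-XE. All names, addresses and
! secrets below are placeholders, not values from the post.
aaa new-model
!
! Legacy single-line form (the "TACACS host command" on older releases):
!   tacacs-server host 192.0.2.10 key <TACACS-SHARED-SECRET>
!
! Named-server form on current releases, one entry per ISE node.
! The key must match the shared secret entered for this device in ISE.
tacacs server ISE-NODE-1
 address ipv4 192.0.2.10
 key <TACACS-SHARED-SECRET>
tacacs server ISE-NODE-2
 address ipv4 192.0.2.11
 key <TACACS-SHARED-SECRET>
!
aaa group server tacacs+ ISE-TACACS
 server name ISE-NODE-1
 server name ISE-NODE-2
!
! Authentication: ask ISE first. The trailing "local" is used only when
! no ISE node answers, not when ISE rejects the login.
aaa authentication login default group ISE-TACACS local
!
! Authorisation: the shell privilege and the permitted commands come from
! the device administration policy configured in ISE.
aaa authorization exec default group ISE-TACACS local
aaa authorization commands 15 default group ISE-TACACS local
!
! Local fallback account so the device stays manageable if ISE is
! unreachable. Store this secret separately from the TACACS key.
username <FALLBACK-ADMIN> privilege 15 secret <LOCAL-FALLBACK-SECRET>
```

Keep an existing privileged session open while applying the `aaa` lines, and confirm a new login appears in the TACACS live log before closing it.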
