
Can use ISE to login to NAD with AD user credentials.

DekavitaD
Level 1
Hi Expert,

When logging into a router or switch (NADs), is it possible to have the query go to the ISE, and the ISE go to the AD to query the user's credentials?

If so, would Device Administration (TACACS+) be required?
ISE version 3.0 and NADs are Cisco products.

Thanks,

2 Replies

Milos_Jovanovic
VIP Alumni

Hi @DekavitaD,

Yes, it is possible. The most frequent way of doing this for me is using DeviceAdmin (TACACS+) between the NAD and ISE, while ISE is integrated with AD in the backend. Authorization is done based on AD group membership, so the daily adding or removing of an admin is as simple as adding a user to an AD group.

You could do this with RADIUS as well, but TACACS as a protocol offers so much more, so I prefer doing it via TACACS.

You can find details in the ISE Device Administration Prescriptive Deployment Guide.

BR,

Milos
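
The NAD side of the setup described in the reply above, as an added example that is not part of the original thread or of Cisco's guide: a Cisco IOS/IOS-XE AAA configuration that sends device logins to ISE over TACACS+. The server name, method-list names, the address 192.0.2.10, the key and the local account are placeholder assumptions; the AD join and the AD-group-based authorization policy are configured on ISE itself and are not shown.

```cisco
! Constructed example: all names, the address and the secrets are placeholders.
aaa new-model
!
! ISE policy service node acting as the TACACS+ server
tacacs server ISE-PSN1
 address ipv4 192.0.2.10
 key <SHARED-SECRET>
 timeout 5
!
aaa group server tacacs+ ISE-TACACS
 server name ISE-PSN1
!
! Local break-glass account, consulted only when ISE does not respond
username breakglass privilege 15 algorithm-type scrypt secret <LOCAL-PASSWORD>
!
! Authentication: ISE first (which checks the AD credentials), then local
aaa authentication login VTY-AUTHC group ISE-TACACS local
! Authorization: privilege level and commands returned by ISE policy
aaa authorization exec VTY-AUTHZ group ISE-TACACS local if-authenticated
aaa authorization commands 15 VTY-CMD group ISE-TACACS local if-authenticated
! Accounting: session and command records sent to ISE
aaa accounting exec default start-stop group ISE-TACACS
aaa accounting commands 15 default start-stop group ISE-TACACS
!
line vty 0 4
 login authentication VTY-AUTHC
 authorization exec VTY-AUTHZ
 authorization commands 15 VTY-CMD
 transport input ssh
```

The `local` keyword in each method list is used only when the TACACS+ group times out, not when ISE rejects the login, so a failed AD password does not fall through to the local account.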

balaji.bandi
Hall of Fame

Yes, that is the normal, standard deployment across the world (most users reside in AD only, and also in AD groups for control).

The guide below will help you:

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-device-admin

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
