DekavitaD
Beginner

Can use ISE to login to NAD with AD user credentials.

Hi Expert,

When logging into a router or switch (NADs), is it possible to have the query go to the ISE, and the ISE go to the AD to query the user's credentials?

If so, would Device Administration (TACACS+) be required?
ISE version 3.0 and NADs are Cisco products.

Thanks,

2 REPLIES
Milos_Jovanovic
Collaborator

Hi @DekavitaD,

Yes, it is possible. The most frequent way of doing this for me is using DeviceAdmin (TACACS+) between the NAD and ISE, while ISE is integrated with AD in the backend. Authorization is done based on AD group membership, so adding or removing an admin day to day is as simple as adding a user to an AD group.

You could do this with RADIUS as well, but TACACS as a protocol offers so much more, so I prefer doing it via TACACS.

You can find details in the ISE Device Administration Prescriptive Deployment Guide.

BR,

Milos
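
The NAD side of the setup described in the reply above (TACACS+ from the device to ISE, with ISE checking AD in the backend), as an added example that is not part of the original thread or of Cisco's guide. It assumes IOS/IOS-XE syntax; the server name, the address 192.0.2.10, the group and method-list names, the local account name and the bracketed secrets are all placeholders.

```cisco
! Constructed example: every name, the address and the secrets are placeholders.
! Local account, used only when no TACACS+ server answers (ISE unreachable).
username fallback-admin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
aaa new-model
!
! ISE node running Device Administration (TACACS+).
tacacs server ISE-PSN1
 address ipv4 192.0.2.10
 key <TACACS-SHARED-SECRET>
 timeout 5
!
aaa group server tacacs+ ISE-TACACS
 server name ISE-PSN1
!
! Authentication: the login is sent to ISE, which checks the credentials against AD.
aaa authentication login VTY-AUTHC group ISE-TACACS local
! Authorization: ISE decides the exec session attributes (for example the
! privilege level) from its policy, such as AD group membership.
aaa authorization exec VTY-AUTHZ group ISE-TACACS local
! Accounting: session start/stop and privilege-15 commands are logged to ISE.
aaa accounting exec default start-stop group ISE-TACACS
aaa accounting commands 15 default start-stop group ISE-TACACS
!
! Apply the named method lists to remote logins only.
line vty 0 4
 login authentication VTY-AUTHC
 authorization exec VTY-AUTHZ
 transport input ssh
```

The `local` method is consulted only when the TACACS+ servers do not respond, so a login that ISE rejects is not retried against the local database. The `key` value must match the shared secret configured for this device in ISE.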

balaji.bandi
VIP Master

Yes, that is a normal, standard deployment across the world (most users reside in AD only, and also in an AD group for control).

The guide below will help you:

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-device-admin

BB

***** Rate All Helpful Responses *****
