Cisco ISE authentication for EfficientIP IPAM solution

pranav nandgaonkar · ‎06-26-2020

Hello,

I want to use Cisco ISE as authentication server for Efficient IP IPAM solution.

Could not find any config guide regarding the same using TACACS & RADIUS..

Any help could be appreciated.

Thanks in advance!

Arne Bier · ‎07-19-2020

Hello @pranav nandgaonkar

As long as the EfficientIP IPAM product supports standards-based RADIUS/TACACS+ then anything is possible in ISE.

The trick is to find out what attributes the IPAM application expects to receive back for a particular role, e.g. Super User, or Operator User, etc.

They don't seem to make their docs available without a login - so you would have to ask them for the RADIUS and/or TACACS+ attributes that a AAA server should return.

In the meantime, do some reverse engineering by configuring the IPAM to use ISE (does it support RADIUS or TACACS+) and then add the IPAM in the ISE Device List. Then perform some authentication tests while running a tcpdump in ISE via the Admin node GUI Menu:

/Operations/Troubleshoot/Diagnostic Tools/TCP Dump

Analyse the tcpdump in Wireshark to see what the requests look like. In the absence of detailed documentation, that is how I would approach it.

Cisco ISE authentication for EfficientIP IPAM solution

Doc - Implementación y Configuración de Cisco ISE

CISCO ISE EAP-TLS AUTHENTICATION

Doc-Cisco ISE Posture p/ VPN de Acceso Remoto con Cisco Secure Client

Troubleshoot Cisco ISE

Cisco ISE and Microsoft Windows Autopilot