Cisco ISE authentication for EfficientIP IPAM solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2020 02:34 AM
Hello,
I want to use Cisco ISE as authentication server for Efficient IP IPAM solution.
Could not find any config guide regarding the same using TACACS & RADIUS..
Any help could be appreciated.
Thanks in advance!
- Labels:
-
AAA
-
Identity Services Engine (ISE)

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2020 06:46 PM
Hello @pranav nandgaonkar
As long as the EfficientIP IPAM product supports standards-based RADIUS/TACACS+ then anything is possible in ISE.
The trick is to find out what attributes the IPAM application expects to receive back for a particular role, e.g. Super User, or Operator User, etc.
They don't seem to make their docs available without a login - so you would have to ask them for the RADIUS and/or TACACS+ attributes that a AAA server should return.
In the meantime, do some reverse engineering by configuring the IPAM to use ISE (does it support RADIUS or TACACS+) and then add the IPAM in the ISE Device List. Then perform some authentication tests while running a tcpdump in ISE via the Admin node GUI Menu:
/Operations/Troubleshoot/Diagnostic Tools/TCP Dump
Analyse the tcpdump in Wireshark to see what the requests look like. In the absence of detailed documentation, that is how I would approach it.
