Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1861
Views
1
Helpful
3
Replies

Device Support for TACACS Functionality on ISE 2.1

Go to solution
Runner888
Level 4
Level 4

‎10-13-2016 06:24 AM

Hi All--I have a couple of questions regarding TACACS in ISE as I'm in the planning stage to migrate from ACS 5.8 to ISE 2.1.

1) Does anyone know if there is documentation available listing devices (Cisco and non-Cisco) that are supported for TACACS functionality in ISE 2.1? I know there's a device compatibility listing for ISE but I don't believe it includes TACACS functionality.

2) Can I export/import AAA clients in ISE to a CSV file much like ACS?

3) Similar to question #2, can I import the AAA client list that was exported from ACS and imported into ISE?

Thanks in advance.

~Keith

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-13-2016 06:42 AM

1. T+ is part of AAA.

2. Yes. We would export both the network device groups and the network devices.

3. Yes, but the CSV files from ACS need modifying so that columns matched with the CSV import templates of the target ISE release.

Screen Shot 2016-10-13 at 6.40.52 AM.png

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-13-2016 06:42 AM

1. T+ is part of AAA.

2. Yes. We would export both the network device groups and the network devices.

3. Yes, but the CSV files from ACS need modifying so that columns matched with the CSV import templates of the target ISE release.

Screen Shot 2016-10-13 at 6.40.52 AM.png

0 Helpful

Go to solution
Runner888
Level 4
Level 4
In response to hslai

‎10-13-2016 09:37 PM

Hi--Thanks again for the info and screenshot. For my clarification to question #1 in terms of device compatibility support for TACACS, are you saying that whatever is listed in the "Cisco Identity Services Engine Network Component Compatibility, Release 2.X" doc under "Table 1 Supported Network Access Devices" in the AAA column applies to TACACS? If that is the case, then it is a very short list of support devices for TACACS functionality in ISE 2.1. I notice that some Cisco devices were not listed such as Nexus, ASA or ASR routers not to mention other non-Cisco device models. Does this mean I won't be able to leverage ISE's TACACS functionality to manage Nexus, ASA, and/or ASR devices? I hope this is not the case--otherwise it's a show stopper for those who are looking to replace ACS with ISE 2.1.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Runner888

‎10-14-2016 07:30 AM

For IOS devices, you may expect T+ to work according to the matrix. You are correct that T+ support list a lot longer and to include NX-OS, PI, etc., as it needs no DACL, url redirects, and so on, as the RADIUS counterpart for endpoints.

0 Helpful
Customers Also Viewed These Support Documents