cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1860
Views
1
Helpful
3
Replies

Device Support for TACACS Functionality on ISE 2.1

Runner888
Level 4
Level 4

Hi All--I have a couple of questions regarding TACACS in ISE as I'm in the planning stage to migrate from ACS 5.8 to ISE 2.1.

1) Does anyone know if there is documentation available listing devices (Cisco and non-Cisco) that are supported for TACACS functionality in ISE 2.1? I know there's a device compatibility listing for ISE but I don't believe it includes TACACS functionality.

2) Can I export/import AAA clients in ISE to a CSV file much like ACS?

3) Similar to question #2, can I import the AAA client list that was exported from ACS and imported into ISE?

Thanks in advance.

~Keith

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

1. T+ is part of AAA.

2. Yes. We would export both the network device groups and the network devices.

3. Yes, but the CSV files from ACS need modifying so that columns matched with the CSV import templates of the target ISE release.

Screen Shot 2016-10-13 at 6.40.52 AM.png

View solution in original post

3 Replies 3

hslai
Cisco Employee
Cisco Employee

1. T+ is part of AAA.

2. Yes. We would export both the network device groups and the network devices.

3. Yes, but the CSV files from ACS need modifying so that columns matched with the CSV import templates of the target ISE release.

Screen Shot 2016-10-13 at 6.40.52 AM.png

Hi--Thanks again for the info and screenshot. For my clarification to question #1 in terms of device compatibility support for TACACS, are you saying that whatever is listed in the "Cisco Identity Services Engine Network Component Compatibility, Release 2.X" doc under "Table 1 Supported Network Access Devices" in the AAA column applies to TACACS? If that is the case, then it is a very short list of support devices for TACACS functionality in ISE 2.1. I notice that some Cisco devices were not listed such as Nexus, ASA or ASR routers not to mention other non-Cisco device models. Does this mean I won't be able to leverage ISE's TACACS functionality to manage Nexus, ASA, and/or ASR devices? I hope this is not the case--otherwise it's a show stopper for those who are looking to replace ACS with ISE 2.1.

For IOS devices, you may expect T+ to work according to the matrix. You are correct that T+ support list a lot longer and to include NX-OS, PI, etc., as it needs no DACL, url redirects, and so on, as the RADIUS counterpart for endpoints.