Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9015
Views
40
Helpful
11
Replies

Does FMC/FTD support ISE Tacacs+ device administration

Go to solution
laurathaqi
Level 3
Level 3

‎04-29-2021 03:51 AM

Hi all,

 

Do you know if FMC and FTD support ISE Tacacs+ device administration integration? So far, I did the router/switch and ASA integrations, but not able to find resources for the noted FTD and FMC ones!

 

Looking forward to hearing any thoughts or suggestions. 

 

Thank you,

Laura 

0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-29-2021 04:12 AM

how about using Radius ? as of i have tested 6.2

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200204-Integration-of-FireSIGHT-System-with-ACS.html

 

May be need to read what 6.7 (any update on that)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Rob Ingram
VIP
VIP

‎04-29-2021 04:33 AM

@laurathaqi 

No TACACS+ is still not supported on the FMC, you can use RADIUS.

Use the "class" RADIUS attributes in AuthZ profiles.

 

Class=Administrator

or

Class=SecAnalyst

 

And map these to roles in the FMC (System > Users > External Authentication).

So for example on the FMC if you want to configure the Security Analyst role then define Class=SecAnalyst or for administrator role define Class=Administrator.

HTH

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to laurathaqi

‎04-29-2021 05:17 AM

Its for both, you can use Radius only with Attributes mentioned also provided link have all the information

 

any issue please let us know, happy to assists further.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Rob Ingram
VIP
VIP
In response to laurathaqi

‎04-29-2021 05:28 AM

The RADIUS attributes values previously provided where for FMC. Use the following in AuthZ profile for FTDs

 

"Radius:Service-Type = Administrative (6)" << for Administrator
"Radius:Service-Type = Login (1)" << for non-administrator

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-29-2021 07:49 AM

As the others have noted - plus make sure you tick the box to include shell authentication to make the setting apply to the cli logins on FMC and FTD. That's not selected by default.

View solution in original post

11 Replies 11

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-29-2021 04:12 AM

how about using Radius ? as of i have tested 6.2

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200204-Integration-of-FireSIGHT-System-with-ACS.html

 

May be need to read what 6.7 (any update on that)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Rob Ingram
VIP
VIP

‎04-29-2021 04:33 AM

@laurathaqi 

No TACACS+ is still not supported on the FMC, you can use RADIUS.

Use the "class" RADIUS attributes in AuthZ profiles.

 

Class=Administrator

or

Class=SecAnalyst

 

And map these to roles in the FMC (System > Users > External Authentication).

So for example on the FMC if you want to configure the Security Analyst role then define Class=SecAnalyst or for administrator role define Class=Administrator.

HTH

Go to solution
laurathaqi
Level 3
Level 3

‎04-29-2021 04:49 AM

Hi @Rob Ingram @balaji.bandi 

 

Thank you for your feedback! Highly appreciated. Due to limited testing resources, I need to ask you if this is valid for only FMC or also FTD's?!

 

The solution you described, I found it on portals, as a solution to be enabling FMC GUI Authentication. My intentions are to do that for the CLI access of both FMC and also two FTDs 

 

Looking forward to hearing from you. 

 

Thank you,

Laura 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to laurathaqi

‎04-29-2021 05:17 AM

Its for both, you can use Radius only with Attributes mentioned also provided link have all the information

 

any issue please let us know, happy to assists further.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Rob Ingram
VIP
VIP
In response to laurathaqi

‎04-29-2021 05:28 AM

The RADIUS attributes values previously provided where for FMC. Use the following in AuthZ profile for FTDs

 

"Radius:Service-Type = Administrative (6)" << for Administrator
"Radius:Service-Type = Login (1)" << for non-administrator

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-29-2021 07:49 AM

As the others have noted - plus make sure you tick the box to include shell authentication to make the setting apply to the cli logins on FMC and FTD. That's not selected by default.

Go to solution
laurathaqi
Level 3
Level 3

‎05-05-2021 05:16 AM

Dear community, 

 

Thank you very much for the support provided. I have followed your advices and resulted in a successful integration. 

 

This community is awesome. 

 

Thank you,

Laura 

0 Helpful

Go to solution
samarthashetty
Level 1
Level 1

‎07-14-2022 08:32 AM

Hi Experts,

Is this supported in ver 6.7?

 

-Samarth

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to samarthashetty

‎07-14-2022 08:40 AM

No it's not supported in any version - even in the latest version 7.2.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to samarthashetty

‎07-14-2022 08:40 AM

as per @laurathaqi input that works.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
samarthashetty
Level 1
Level 1
In response to balaji.bandi

‎07-14-2022 08:53 AM

@balaji.bandi  was that not for Radius?

 

-samarth

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents