01-14-2013 05:21 PM - last edited on 03-25-2019 05:29 PM by ciscomoderator
Hello,
Does ISE1.1 support TACACS/TACACS+ and H-REAP mode ?
Also, customer wants to have quick access to the corporate network with some few laptops without going through the Actice Directory? Any suggestion on this?
Thanks
Olu
01-14-2013 06:34 PM
Hi,
ISE does not support tacacs. You can create internal users within the ISE database and can assign them to the network.
Please provide the controller code that the customer is running with regards to your second question (hreap).
Thanks
Tarik Admani
*Please rate helpful posts*
01-15-2013 04:16 AM
Its 5508 WLC with version 7.2 on it.
For the last bit, i was thinking of using Pre-shared key on the WLC with the PSK only known to the Network Adminstrator and getting it changed frequently.
Let me know your thoughts about this.
Thanks
Olu
01-16-2013 01:19 AM
Will we require the use of the Active Directory (AD) if we use EAP-TLS or EAP-TTLS to authenticate users?
Olu
02-02-2013 02:17 PM
EAP-TLS does not rely on AD.
CA root cert is installed on ACS for trust and identity.
you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory
Users and Identity Stores > | Certificate Authentication Profile > | Edit: "CN Username" |
see the checkbox at the bottom.
I do EAP TLS machine auth only without integrating AD into the policy at all.
hth,
jk
05-15-2013 02:37 PM
No ISE 1.1 does not support tacacs+ but it is on the roadmap and will start supporting from ISE 2.0 which will release later next year.
05-15-2013 07:42 PM
ISE 2.0 onwards will start supporting tacacs+ but not current version
Sent from Cisco Technical Support Android App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide