Does ISE 1.1 support TACACS and H-REAP?

Wales007 · ‎01-14-2013

Hello,

Does ISE1.1 support TACACS/TACACS+ and H-REAP mode ?

Also, customer wants to have quick access to the corporate network with some few laptops without going through the Actice Directory? Any suggestion on this?

Thanks

Olu

Tarik Admani · ‎01-14-2013

Hi,

ISE does not support tacacs. You can create internal users within the ISE database and can assign them to the network.

Please provide the controller code that the customer is running with regards to your second question (hreap).

Thanks

Tarik Admani
*Please rate helpful posts*

Wales007 · ‎01-15-2013

Its 5508 WLC with version 7.2 on it.

For the last bit, i was thinking of using Pre-shared key on the WLC with the PSK only known to the Network Adminstrator and getting it changed frequently.

Let me know your thoughts about this.

Thanks

Olu

Wales007 · ‎01-16-2013

Will we require the use of the Active Directory (AD) if we use EAP-TLS or EAP-TTLS to authenticate users?

Olu

jkiehnle · ‎02-02-2013

EAP-TLS does not rely on AD.

CA root cert is installed on ACS for trust and identity.

you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory

Users and Identity Stores >

Certificate Authentication Profile >

Edit: "CN Username"

see the checkbox at the bottom.

I do EAP TLS machine auth only without integrating AD into the policy at all.

hth,

jk

vikasyad · ‎05-15-2013

No ISE 1.1 does not support tacacs+ but it is on the roadmap and will start supporting from ISE 2.0 which will release later next year.

pavan.gokarn · ‎05-15-2013

ISE 2.0 onwards will start supporting tacacs+ but not current version

Sent from Cisco Technical Support Android App