cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

5233
Views
35
Helpful
20
Replies
Highlighted
Beginner

ISE 2.0 and TACACs

Hi,

Does someone know when ISE release 2.0 is coming and if TACACs is going to be supported?

Thank you in advance.

Joana.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

ISE will support most TACACS+

ISE will support most TACACS+ features in v1.5.  This release is targeted for November 2015.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

View solution in original post

20 REPLIES 20
Highlighted
Rising star

Don't hold your breath, it's

Don't hold your breath, it's gonna be a while.

Highlighted
Cisco Employee

This should help.

This should help.

Configure ISE 2.0: IOS TACACS+ Authentication and Command Authorization based on AD group membership

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html

Highlighted
Cisco Employee

What Jan said. I have been

What Jan said. I have been deploying ISE solutions since version 1.0 (4 years ago) and back then it was said that TACACS+ is coming to 2.0. Well ISE is not on version 1.3 which really should be 4.0 based on the different enhancements that were put in place. 

To be honest, I have the feeling that TACACS+ might never make it in ISE. Nobody else is implementing TACACS+ and all vendors have moved towards the industry standard which is RADIUS. In addition, it is a 15 years old technology/code that Cisco has to maintain. I have also heard that some of the original TACACS+ developers are no longer around...No longer alive...so you get my point here. 

Anyways, with all of that being said, how are you using TACACS+ today? I have converted many customers to RADIUS and most of them are happy with what RADIUS has to offer. 

 

Thank you for rating helpful posts!

Highlighted
Beginner

Hi,Thank you for your answers

Hi,

Thank you for your answers.

Well, the thing is I want to use both for different purposes. It is not a matter of choosing one over another. They are different protocols with different features. I am talking about a Cisco-based network, therefore TACACS+ offers more granularity for AAA, more controlled access to administer network devices and it is more secure than RADIUS because the full session is encrypted. So from the point of view of administering Cisco network devices, we choose TACACS+ over RADIUS (we maintain our ACS boxes for TACACS+). However, we use ISE and RADIUS for Wireless and VPN authentication/authorization.
 
Thanks again for your advice.
 
Joana.
Highlighted
Cisco Employee

In that case you are stuck on

In that case you are stuck on either waiting for TACACS+ on ISE or get Cisco ACS :)

 

Thank you for rating helpful posts!

Highlighted
Beginner

Me too I need confirm it.

Me too I need confirm it.

Beginner

Hi,Is there anybody from

Hi,

Is there anybody from Cisco who can answer this question please?

Thank you.

Joana.

Highlighted
Cisco Employee

ISE will support most TACACS+

ISE will support most TACACS+ features in v1.5.  This release is targeted for November 2015.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

View solution in original post

Highlighted
Beginner

Charles,Thank you  for your

Charles,

Thank you  for your response. Much appreciated.

Regards,

Joana.

Highlighted
Rising star

Thats great news Charles, i

Thats great news Charles, i did not see that coming :-)

Highlighted
Cisco Employee

SURPRISE!!!And no, I would

SURPRISE!!!

And no, I would not joke about this subject.  Even today.

Highlighted
Cisco Employee

RIP ACS :(

RIP ACS :(

Highlighted
Beginner

Thank you  for your response.

Thank you  for your response.

Highlighted
Beginner

Hi Charles,Just wanted to

Hi Charles,

Just wanted to check if the ISE 1.5 release is still targeted for Nov or there is a change?

Regards,

Manoj