cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7289
Views
35
Helpful
20
Replies

ISE 2.0 and TACACs

Joana Manzano
Level 1
Level 1

Hi,

Does someone know when ISE release 2.0 is coming and if TACACs is going to be supported?

Thank you in advance.

Joana.

 

 

1 Accepted Solution

Accepted Solutions

Charlie Moreton
Cisco Employee
Cisco Employee

ISE will support most TACACS+ features in v1.5.  This release is targeted for November 2015.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

View solution in original post

20 Replies 20

jan.nielsen
Level 7
Level 7

Don't hold your breath, it's gonna be a while.

This should help.

Configure ISE 2.0: IOS TACACS+ Authentication and Command Authorization based on AD group membership

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html

nspasov
Cisco Employee
Cisco Employee

What Jan said. I have been deploying ISE solutions since version 1.0 (4 years ago) and back then it was said that TACACS+ is coming to 2.0. Well ISE is not on version 1.3 which really should be 4.0 based on the different enhancements that were put in place. 

To be honest, I have the feeling that TACACS+ might never make it in ISE. Nobody else is implementing TACACS+ and all vendors have moved towards the industry standard which is RADIUS. In addition, it is a 15 years old technology/code that Cisco has to maintain. I have also heard that some of the original TACACS+ developers are no longer around...No longer alive...so you get my point here. 

Anyways, with all of that being said, how are you using TACACS+ today? I have converted many customers to RADIUS and most of them are happy with what RADIUS has to offer. 

 

Thank you for rating helpful posts!

Hi,

Thank you for your answers.

Well, the thing is I want to use both for different purposes. It is not a matter of choosing one over another. They are different protocols with different features. I am talking about a Cisco-based network, therefore TACACS+ offers more granularity for AAA, more controlled access to administer network devices and it is more secure than RADIUS because the full session is encrypted. So from the point of view of administering Cisco network devices, we choose TACACS+ over RADIUS (we maintain our ACS boxes for TACACS+). However, we use ISE and RADIUS for Wireless and VPN authentication/authorization.
 
Thanks again for your advice.
 
Joana.

In that case you are stuck on either waiting for TACACS+ on ISE or get Cisco ACS :)

 

Thank you for rating helpful posts!

Amna Omar
Level 1
Level 1

Me too I need confirm it.

Joana Manzano
Level 1
Level 1

Hi,

Is there anybody from Cisco who can answer this question please?

Thank you.

Joana.

Charlie Moreton
Cisco Employee
Cisco Employee

ISE will support most TACACS+ features in v1.5.  This release is targeted for November 2015.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

Charles,

Thank you  for your response. Much appreciated.

Regards,

Joana.

Thats great news Charles, i did not see that coming :-)

SURPRISE!!!

And no, I would not joke about this subject.  Even today.

RIP ACS :(

Thank you  for your response.

Hi Charles,

Just wanted to check if the ISE 1.5 release is still targeted for Nov or there is a change?

Regards,

Manoj