cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1194
Views
12
Helpful
4
Replies

ISE 3.1 Difference between Policy sets and Device Admin Policy sets

isp3799
Level 1
Level 1

hello.

I am configuring TACACS+ and RADIUS authentication service on ISE 3.1.
First of all, the RADIUS authentication policy is configured in Policy Sets.
However, looking at other sources, it appears that the TACACS+ authentication policy is configured in Device Admin Policy Sets.

I was wondering what is the difference between Device Admin Policy Sets and Policy Sets.

2 Accepted Solutions

Accepted Solutions

@isp3799 the Policy Sets are for RADIUS authenticated sessions such as 802.1x / MAB wired and wireless connections or Remote Access VPN connections.

Where as Device Admin Policies Sets are for TACACS+ authenticated sessions, for device management of switch, routers etc.

View solution in original post

Policy Sets are for RADIUS traffic.  UDP/1812

Device Admin Policy sets are for TACACS+. TCP/49

View solution in original post

4 Replies 4

@isp3799 the Policy Sets are for RADIUS authenticated sessions such as 802.1x / MAB wired and wireless connections or Remote Access VPN connections.

Where as Device Admin Policies Sets are for TACACS+ authenticated sessions, for device management of switch, routers etc.

Policy Sets are for RADIUS traffic.  UDP/1812

Device Admin Policy sets are for TACACS+. TCP/49

romeog
Level 1
Level 1

So basically, it should be "RADIUS Policy Sets" and "TACACS Policy Sets", because in reality, RADIUS is very often used for Device Admin Access. This has caused a LOT of wasted man hours. Just saying....

 

Yeah sure, TACACS+ is device admin only. RADIUS can be client authc/authz and device admin for devices that don’t support TACACS+.