Solved: ISE Admin Login

chunhwon · ‎08-18-2017

Hi All,

have checked that external identity source didn't include TACACS+ (AD, LDAP, ODBC, Radius token, RSA SecureID and SAML supported), just wonder if ISE admin login authentication can support TACACS+?

Many thanks,
CH

hslai · ‎08-18-2017

Neither ISE admin web UI or CLI is currently supporting TACACS+. If you have customers interested on such, please contact our PM team.

The aaa configuration command appears accidentally exposed in some particular ISE version/patch combination but never supported officially.

View solution in original post

Charlie Moreton · ‎08-18-2017

Currently, for the Web GUI, you can choose from the External Identity Sources that can be found at Administration > Identity Management > External Identity Sources (excluding Social Login in v2.3). TACACS+ is not listed and cannot be leveraged for login at the Admin Portal.

The Identity Sources used for the Admin Portal do not include servers added to Work Centers > Device Administration > Network Resources > TACACS External Servers and therefore, cannot be leveraged.

From CLI, You can configure the command aaa authentication tacacs+ server <IP or hostname> key <TACACS Shared Secret>, but this will only be for CLI login.

hslai · ‎08-18-2017

Neither ISE admin web UI or CLI is currently supporting TACACS+. If you have customers interested on such, please contact our PM team.

The aaa configuration command appears accidentally exposed in some particular ISE version/patch combination but never supported officially.