04-08-2013 06:48 AM - edited 03-10-2019 08:17 PM
Hi buddies,
Is there any way to set up our ISE to provide Radius instead of acting as Radius Proxy? In our Company we use ACS 4.2 to provide AAA via Tacacs+ and this works proper with all our Cisco-Switches. Now we are testing the ISE 1.1.1 as NAC-Solution.
I know how to set up the ISE as 'Radius Proxy', configuring the Sequences and Policies, but till now we are using only Tacacs+ for AAA. The current version of ISE does not support Tacacs+ and I don't want to set up a Radius-enviroment in ACS if not necessary. Somewhere ( I think the specs) I read, the ISE is a merge of ACS and NAC. So in my Opinion there should be a way to provide AAA via Radius on the ISE without ACS and without 'Radius Proxy'.
Am i right with that? An if yes, how can i do this?
Thanks
04-08-2013 11:22 AM
Please find this cisco link: http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_sw_cnfg.html.
04-10-2013 12:00 AM
Hi,
Thanks but I tried this allready and it doesn't work. Also my question is more about configuring the ISE than the switches. To get a better understanding of my problem: I want to create a user/password-combo on the ISE. Then I want to connect to my switch via console and ssh. At this point I want to use the created user and the switch has to ask the ISE if this user is authorized to 'enable' or some other stuff.
With my ACS and Tacacs+ this works very proper, but in future I want to shut down the ACS. At this Point the ISE shall do the work.
Even some parts in the switch-config seem strange to me. In the part of the 'RADIUS Server Configuration' I have to add the 'radius-server host
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide