Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1064
Views
0
Helpful
8
Replies

ISE Device Administration (TACACS+)

Go to solution
Caijones17
Level 1
Level 1

‎11-19-2018 12:11 AM

Hi,

 

I have imported multiple network devices to ISE 2.4 and I was wondering if there was a way to add TACACS authentication and shared secret to multiple devices at once. I can add them individually but since I have a large number of network devices it will be tedious. There seems to be a bug when trying to import a .csv and choosing any protocol apart from RADIUS.

 

Cheers.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nadav
Level 7
Level 7

‎11-19-2018 01:34 AM

Hi,

 

I can attest that for ISE 2.4 P4 I've been able to import both TACACS+ and RADIUS endpoints, so if you are having issues with it you may want to try importing just one device and see why it's having issues. 

View solution in original post

0 Helpful

Go to solution
Nadav
Level 7
Level 7
In response to Caijones17

‎11-19-2018 10:26 AM

That's because Protocol is for RADIUS, not TACACS+. If you want that device to have RADIUS, add RADIUS under Protocol.

For TACACS+ you have different fields to populate, such as Shared Secret and Connect Mode Options.

 

Honestly, it would be easiest to create a single device for TACACS+ in your ISE, export to CSV from the GUI, and use that as a template. 

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Aravind Ravichandran
Level 3
Level 3

‎11-19-2018 12:48 AM

Hi,

You can try Rest API to add the network devices to ISE.

POST https://ISE-IP:9060/ers/config/networkdevice

 

-Aravind

-Aravind
0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎11-19-2018 01:30 AM

I was going to suggest import but since you said a bug the only method left
is using a script (such as python) to connect to ISE ERS, read the data
from your csv, format it as json and create the devices. This is pretty
fast and will do the trick. ISE has an API for network devices.
0 Helpful

Go to solution
Nadav
Level 7
Level 7

‎11-19-2018 01:34 AM

Hi,

 

I can attest that for ISE 2.4 P4 I've been able to import both TACACS+ and RADIUS endpoints, so if you are having issues with it you may want to try importing just one device and see why it's having issues. 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Nadav

‎11-19-2018 01:38 AM

Also confirm, no issues here. 

0 Helpful

Go to solution
Caijones17
Level 1
Level 1
In response to Nadav

‎11-19-2018 10:22 AM

  • "1) test Failed Illegal value TACACS for Protocol"

This is the output I receive. My next step is to use the API but I thought I would try here first, any help is appreciated.

 

Thanks.

0 Helpful

Go to solution
Nadav
Level 7
Level 7
In response to Caijones17

‎11-19-2018 10:26 AM

That's because Protocol is for RADIUS, not TACACS+. If you want that device to have RADIUS, add RADIUS under Protocol.

For TACACS+ you have different fields to populate, such as Shared Secret and Connect Mode Options.

 

Honestly, it would be easiest to create a single device for TACACS+ in your ISE, export to CSV from the GUI, and use that as a template. 

0 Helpful

Go to solution
Caijones17
Level 1
Level 1
In response to Nadav

‎11-19-2018 11:31 AM - edited ‎11-19-2018 11:54 AM

Sorted, thanks.

 

 

 

0 Helpful

Go to solution
Nadav
Level 7
Level 7
In response to Caijones17

‎11-19-2018 11:41 AM

That's because if you add Protocol, it's mandatory. If you are only adding TACACS+ without RADIUS, you won't even have a Protocol field to begin with.

 

I strongly suggest you make a network device or two only for TACACS+ directly in ISE, then export those two. Use that as a template.

0 Helpful
Customers Also Viewed These Support Documents