02-13-2017 09:15 AM
I support a customer who is attempting to deploy ISE/TACACs for device admin for the first time. They have a few questions on the device import process and to build the device repository in ISE.
Today they have 3000 devices they want to manage.
Per the ISE admin guide, they can download a csv template and fill it in with their data on their devices and then import it to ISE.
Thanks for your help.
Tony
02-13-2017 11:02 AM
02-13-2017 01:17 PM
OK, thank you at least this is considered common.
They are using ISE VMs, but will advise based on those appliance hardware specs for performance comparison.
Their real pain point is with the construction/entry or filling out of the spreadsheet to get it ready for import. Is there anything to help there?
We were just told to upgrade to ISE 2.2 due to hitting a couple of bugs (Deny All Shell profile does not send fail and authorization does not work in 2.1) Based on the bug that you mention above in ISE 2.2, they will be impacted on importing all of the WSA's and FirePower device since they support RADIUS only and not TACACs.
Do you know when ISE 2.2 will be patched?
Thanks.
02-13-2017 03:21 PM
I've unicast you some more info.
02-13-2017 05:10 PM
Could you also unicast the info you just hinted? pzhou@prosysis.com I'm also planing to import 3k NADs for both radius and T+, along with the NAD groups. I'm interested in all aspects in this regard. Thanks in advance.
02-13-2017 05:15 PM
The bug has not been committed to a patch yet. If it important for you to get the fix, please open a TAC case and request for the hot patch.
There are two workarounds,
1. to put a dummy RADIUS shared secret for any device without it.
2. to use ISE ERS API for NAD.
05-10-2017 05:49 PM
On a clean install of ISE 2.2 and apply patch 1 I tested an import of a TACACS device with no Radius details - and it worked. I am curious what provokes this bug, because I have not experienced it
I would have attached my .csv but there is no option. So below is the line in the .csv that was imported without any errors.
TACACS_only_device,TACACS test client,1.1.1.1/32,,,Device Type#All Device Types|IPSEC#Is IPSEC Device#No|Location#All Locations#VM_Lab,,,,,,,,,,,,,,,,,,,,,,,,,,ENABLE_USING_COA,,,,,,,,TACACSpwd123,ON_LEGACY,Cisco,1700,FALSE,2083,
05-10-2017 05:59 PM
If it regarding CSCvc16661, its fix is part of 2.2 Patch 1.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide