cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
973
Views
16
Helpful
5
Replies

ISE device management

Javier Glaz
Level 1
Level 1

Hello,

I know that Cisco ISE does not support TACACS+ yet. I cannot find if it can perform AAA for device management through Radius, or if it can only perform Network access control.

If I configure my switch with:

aaa authentication login default group radius

aaa authorization exec default group radius

Will I be able to assign privilege levels through Cisco ISE?

Regards,
Javier

1 Accepted Solution

Accepted Solutions

Hi,

I made a Authorization Profile with "Cisco:cisco-av-pair = shell:priv-lvl=15" & "Radius:Service-Type = Login". It seems to work.

//Philip

View solution in original post

5 Replies 5

Jatin Katyal
Cisco Employee
Cisco Employee

you may use cisco-av-pair or service-type attribute to assign the privileges to user/group.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Hi,

I made a Authorization Profile with "Cisco:cisco-av-pair = shell:priv-lvl=15" & "Radius:Service-Type = Login". It seems to work.

//Philip

that's nice. Would appreciate if you can mark this thread resolved/answered. Would help other cummunity members.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Thank you both, guys. You were really helpful.

Regards,

Javier

Ben Meagher
Level 1
Level 1

What would the C policy look like ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: