06-04-2013 11:33 AM - edited 03-10-2019 08:30 PM
Hello,
I know that Cisco ISE does not support TACACS+ yet. I cannot find if it can perform AAA for device management through Radius, or if it can only perform Network access control.
If I configure my switch with:
aaa authentication login default group radius
aaa authorization exec default group radius
Will I be able to assign privilege levels through Cisco ISE?
Regards,
Javier
Solved! Go to Solution.
06-07-2013 04:32 AM
Hi,
I made a Authorization Profile with "Cisco:cisco-av-pair = shell:priv-lvl=15" & "Radius:Service-Type = Login". It seems to work.
//Philip
06-04-2013 12:21 PM
you may use cisco-av-pair or service-type attribute to assign the privileges to user/group.
Jatin Katyal
- Do rate helpful posts -
06-07-2013 04:32 AM
Hi,
I made a Authorization Profile with "Cisco:cisco-av-pair = shell:priv-lvl=15" & "Radius:Service-Type = Login". It seems to work.
//Philip
06-07-2013 04:39 AM
that's nice. Would appreciate if you can mark this thread resolved/answered. Would help other cummunity members.
Jatin Katyal
- Do rate helpful posts -
06-07-2013 05:15 AM
Thank you both, guys. You were really helpful.
Regards,
Javier
09-18-2013 01:21 PM
What would the C policy look like ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: