09-19-2017 12:55 AM
What is the best practice/process to make sure someone does not inadvertently remove the NAC configuration from a user port? Is there a method to monitor the ports set up for NAC and alert if they are changed?
09-19-2017 10:21 AM
TACACS with command authorization and accounting will 1) validate that the user is authorized to make the change, and 2) log changes by command, by admin.
Craig
09-20-2017 01:11 PM
Hmmmm. So is there documentation or any more detail on how to do this? And also, if I understand correctly, you are saying there is no ability to alert on a configuration change?
09-20-2017 02:01 PM
I am making the assumption that "user ports" is referring to switch port configuration, or the ports on the network access device. TACACS configuration on the switch should be covered in the switch docs. For example, to configure TACACS+ on a Catalyst 3850, you can quickly get links from a Cisco.com search or Google, example: LMGTFY
For ISE configuration of T+, this is covered in ISE documentation. Example: Cisco Identity Services Engine Administrator Guide, Release 2.3 - Control Device Administration Using TACACS+ [Cisco I…
ISE does log and provide reports based on TACACS+ or RADIUS events for device admin access, but ISE does not alarm on these events. This is more the realm of the network device management system. It is possible to generate SNMP traps from switches when the config is changed:
https://www.petri.com/notified-cisco-router-configuration-change
Config Management SNMP Trap - Cisco Support Community
Your SNMP Management system can then generate the desired alert.
Craig
09-20-2017 02:03 PM
ISE does not manage configurations of network devices. Please look for others, such as Cisco Prime Infrastructure -- Comparing Current and Previous Device Configurations
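Added example, not part of the original thread or any Cisco tool: a minimal Python check that compares a previous and a current saved running-config and reports interfaces that lost NAC commands, which is the kind of comparison the replies above point to. The command list in `NAC_COMMANDS` and both config snapshots are assumptions constructed for illustration; adjust them to the port template actually deployed.

```python
import re

# Assumption: these IOS interface commands are what "NAC configuration" means here.
NAC_COMMANDS = ("authentication port-control auto", "dot1x pae authenticator", "mab")

def parse_interfaces(config_text):
    """Map each interface name to the set of commands configured under it."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = set()
        elif current and line.startswith(" "):
            interfaces[current].add(line.strip())
        else:
            current = None  # left the interface block ("!" or a global command)
    return interfaces

def nac_removed(previous_cfg, current_cfg):
    """Return {interface: [NAC commands present before but missing now]}."""
    before, after = parse_interfaces(previous_cfg), parse_interfaces(current_cfg)
    findings = {}
    for name, old_cmds in before.items():
        new_cmds = after.get(name, set())  # a defaulted port loses everything
        lost = [c for c in NAC_COMMANDS if c in old_cmds and c not in new_cmds]
        if lost:
            findings[name] = lost
    return findings

# Constructed sample snapshots (not from a real device).
PREVIOUS = """\
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""
# Simulate an admin stripping two NAC lines from Gi1/0/1 only.
CURRENT = PREVIOUS.replace(" authentication port-control auto\n mab\n", "")

if __name__ == "__main__":
    for port, lost in nac_removed(PREVIOUS, CURRENT).items():
        print(f"ALERT {port}: NAC commands removed: {', '.join(lost)}")
```

Ports that never had NAC commands, such as the trunk in the sample, are ignored, so only regressions on previously protected ports raise an alert.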