01-14-2024 10:34 PM
When setting up third-party equipment TACACS in ISE:
If you look at the live log details, different service arguments are imported from vendor to vendor, such as Cisco is shell and Juniper is junos-exec.
Does anyone have any knowledge of Cisco-provided documents or personal knowledge of other third-party equipment (Alcatel) service devices?
01-17-2024 09:13 PM
I know it's effective to use the device type
but it is difficult to determine the device list currently in use.
Therefore, we will probably proceed with default device.
That's why I didn't mention the device type.
01-19-2024 08:16 AM
@Arne Bier, I'm confused now.
Is each line you show a unique Service-Argument value depending on the vendor + product + role?
I can put each of these in my table for Service-Arguments directly?
01-19-2024 06:42 PM
Those are examples from working solutions after much digging around the internet - unlike TACACS+ on IOS/IOS-XE, other vendor products have their own nuances. Most vendors only publish how to configure their systems to talk to a TACACS+ server - but 95% of the time they don't tell you what attributes the TACACS+ server should return. If you're lucky, you'll see some references to how Vendor X implemented TACACS+ on some ancient Cisco ACS system, or FreeRADIUS and then translate that into ISE.
I find that even a few keywords, such as the ones I published, might be a good start for others to search for more details. I remember searching high and low for the F5 stuff.
01-23-2024 09:49 PM
Hello.
The Fortinet, F5, and Riverbed in the ISE Device Administration attributes seem to be the TACACS profile custom attribute value for the TACACS setting of the third-party equipment on the rise, not the service argument.