cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1557
Views
5
Helpful
3
Replies

TACACS+ authentication on ISE 2.3 with Base license

ozzyBLR
Beginner
Beginner

Hello everyone.

As I see from the ISE ordering guide the Device Administration license is needed to activate TACACS+ features. The question is will my ISE perform user authentication only as a TACACS+ server when running just Base license?

The set up as follows. I have a 2960 switch and ISE 2.3 (Base license) joined with the AD server. My goal is to allow AD users to access network devices. The plan is to specify the ISE address as a TACACS+ server in 2960 configuration and set some policies in the ISE to fine-tune access rules. Any chances?

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

You need the Device Administration license if you want to use ISE as a TACACS server. Device Admin also requires a minimum order of 100 Base licenses (for versions prior to 3.0).

You can authenticate users to login to network devices using RADIUS with only Base licenses.

View solution in original post

3 Replies 3

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

You need the Device Administration license if you want to use ISE as a TACACS server. Device Admin also requires a minimum order of 100 Base licenses (for versions prior to 3.0).

You can authenticate users to login to network devices using RADIUS with only Base licenses.

Aref Alsouqi
Collaborator
Collaborator

As @Marvin Rhoads mentioned, you need Device Administration license to run TACACS on ISE. Device Administration license runs on top of the base license. You can use ISE to allow admin accesses to the network devices through RADIUS, please take a look at my blog post here:

https://bluenetsec.com/priv-level-15-with-cisco-ise/

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers