cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

444
Views
5
Helpful
3
Replies
Highlighted
Beginner

TACACS+ authentication on ISE 2.3 with Base license

Hello everyone.

As I see from the ISE ordering guide the Device Administration license is needed to activate TACACS+ features. The question is will my ISE perform user authentication only as a TACACS+ server when running just Base license?

The set up as follows. I have a 2960 switch and ISE 2.3 (Base license) joined with the AD server. My goal is to allow AD users to access network devices. The plan is to specify the ISE address as a TACACS+ server in 2960 configuration and set some policies in the ISE to fine-tune access rules. Any chances?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

You need the Device Administration license if you want to use ISE as a TACACS server. Device Admin also requires a minimum order of 100 Base licenses (for versions prior to 3.0).

You can authenticate users to login to network devices using RADIUS with only Base licenses.

View solution in original post

3 REPLIES 3
Highlighted
VIP Mentor

Highlighted
Hall of Fame Guru

You need the Device Administration license if you want to use ISE as a TACACS server. Device Admin also requires a minimum order of 100 Base licenses (for versions prior to 3.0).

You can authenticate users to login to network devices using RADIUS with only Base licenses.

View solution in original post

Highlighted
Rising star

As @Marvin Rhoads mentioned, you need Device Administration license to run TACACS on ISE. Device Administration license runs on top of the base license. You can use ISE to allow admin accesses to the network devices through RADIUS, please take a look at my blog post here:

https://bluenetsec.com/priv-level-15-with-cisco-ise/