cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1738
Views
0
Helpful
4
Replies

TACACS+ for ISE CLI Login

Hello,

 

Am trying to configure TACACS+ for domain based authentication for ISE CLI. But am unable to acheive the same.Below is the configuration am performing at the ISE end.

 

username ad.1562798 password remote role admin

aaa authentication tacacs+ server 10.0.31.2 key authe

 

When ever I tried to login am not getting any logs. Am using the same server as TACACS+. Am I missing anything on configuration or TACACS+ login on CLI is not possible on ISE ?

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
1 Accepted Solution

Accepted Solutions

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
Hi

As @Surendra mentioned, you can only use local database to authenticate on ISE CLI. Other methods aren't supported as far as i know (even on 2.4).
I've not checked yet on 2.5.

To be honest, it doesn't make sense to authenticate on himself (tacacs service) because it's stuck, you don't be able to access the Shell and it can be critical.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

4 Replies 4

Surendra
Cisco Employee
Cisco Employee
Currently ISE supports only local authentication. You cannot authenticate CLI user using any other method.
Those commands are not even available on ISE. Are you sure you have executed these commands on the ISE CLI ? If yes, which version?

Thanks Surendra,

 

Yes, I have executed this commands on the ISE CLI only. My current Version is 2.4.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Finally got a solution for having external identity store for CLI login of ISE from version 2.6 :)

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/release_notes/b_ise_26_RN.html#id_97053

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
Hi

As @Surendra mentioned, you can only use local database to authenticate on ISE CLI. Other methods aren't supported as far as i know (even on 2.4).
I've not checked yet on 2.5.

To be honest, it doesn't make sense to authenticate on himself (tacacs service) because it's stuck, you don't be able to access the Shell and it can be critical.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers