Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2612
Views
0
Helpful
4
Replies

TACACS+ for ISE CLI Login

Go to solution
Sathiyanarayanan Ravindran
Spotlight
Spotlight

‎12-11-2018 07:29 PM

Hello,

 

Am trying to configure TACACS+ for domain based authentication for ISE CLI. But am unable to acheive the same.Below is the configuration am performing at the ISE end.

 

username ad.1562798 password remote role admin

aaa authentication tacacs+ server 10.0.31.2 key authe

 

When ever I tried to login am not getting any logs. Am using the same server as TACACS+. Am I missing anything on configuration or TACACS+ login on CLI is not possible on ISE ?

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎12-11-2018 10:41 PM

Hi

As @Surendra mentioned, you can only use local database to authenticate on ISE CLI. Other methods aren't supported as far as i know (even on 2.4).
I've not checked yet on 2.5.

To be honest, it doesn't make sense to authenticate on himself (tacacs service) because it's stuck, you don't be able to access the Shell and it can be critical.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎12-11-2018 07:35 PM

Currently ISE supports only local authentication. You cannot authenticate CLI user using any other method.
Those commands are not even available on ISE. Are you sure you have executed these commands on the ISE CLI ? If yes, which version?
0 Helpful

Go to solution
Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to Surendra

‎12-11-2018 08:25 PM

Thanks Surendra,

 

Yes, I have executed this commands on the ISE CLI only. My current Version is 2.4.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

Go to solution
Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to Surendra

‎04-11-2019 03:16 PM

Finally got a solution for having external identity store for CLI login of ISE from version 2.6 :)

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/release_notes/b_ise_26_RN.html#id_97053

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎12-11-2018 10:41 PM

Hi

As @Surendra mentioned, you can only use local database to authenticate on ISE CLI. Other methods aren't supported as far as i know (even on 2.4).
I've not checked yet on 2.5.

To be honest, it doesn't make sense to authenticate on himself (tacacs service) because it's stuck, you don't be able to access the Shell and it can be critical.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents