Using ISE to authenticate a Juniper Switch

KMNRuser
Level 1

Community,

We have a Juniper Core switch model qfx5100-48s-6q in our environment. All of our other switches are Cisco. We are currently rolling out ISE to use for TACACS+ authentication. Currently the Juniper is configured in Aruba Clearpass which we are replacing with the Cisco ISE. I am trying to determine if I can create a Juniper Device in ISE under Network Devices, and have it authenticate to ISE vs. Clearpass. Does anyone else have experience authenticating Juniper devices within Cisco ISE?

To me it looks like I could simply modify the commands already configured on the Juniper that allow it to talk to Aruba Clearpass, which are:

set system tacplus-server 192.168.1.163 port 49
set system tacplus-server 192.168.1.163 secret "XXXXXXXXXXXXXXXXXXX"
set system tacplus-server 192.168.1.163 single-connection
set system tacplus-server 192.168.1.163 source-address 10.1.0.3

Thank you,

KMNRUser

1 Accepted Solution

Scott Fella
Hall of Fame

You can update that, just make sure to create the NAD in ISE using the Juniper profile. We have some older Juniper switches/routes that are using ISE as TACACS. I have attached the Juniper dictionary if you don't have that and the network device profile you will need to import if you also don't have that.

-Scott
*** Please rate helpful posts ***

4 Replies

marce1000
Hall of Fame

 

  - FYI : https://www.juniper.net/documentation/us/en/software/nce/nce-213_ex_and_cisco_ise/topics/topic-map/nce-213-ex-series-switch-cisco-ise.html

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi Scott,

Thanks for responding. When you have indicated that "you can update that", what are you referencing that I can update? Thank you!

KMNRUser

Update your switch/route config to point to ISE.  

set system tacplus-server 192.168.1.163 port 49
set system tacplus-server 192.168.1.163 secret "XXXXXXXXXXXXXXXXXXX"
set system tacplus-server 192.168.1.163 single-connection
set system tacplus-server 192.168.1.163 source-address 10.1.0.3

Just make sure your "secret" is the same when you add the NAD to ISE.

-Scott
*** Please rate helpful posts ***
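
The change discussed in this thread, as an added example that is not from any of the posters: a small Python script that reads the existing `tacplus-server` statements and produces the Junos commands to move them to the ISE address, plus the source address the NAD entry in ISE has to be defined with. The ISE address `192.0.2.10`, the secret marker and the function names are assumptions made for the example.

```python
import shlex

# Constructed sample: the four statements as posted in the thread (secret redacted).
CURRENT_CONFIG = '''\
set system tacplus-server 192.168.1.163 port 49
set system tacplus-server 192.168.1.163 secret "XXXXXXXXXXXXXXXXXXX"
set system tacplus-server 192.168.1.163 single-connection
set system tacplus-server 192.168.1.163 source-address 10.1.0.3
'''
PREFIX = ["set", "system", "tacplus-server"]
SECRET_PLACEHOLDER = "<SECRET-ENTERED-ON-THE-ISE-NAD>"  # hypothetical marker


def parse_tacplus(config):
    """Return {server_ip: {option: value or True}} from Junos 'set' lines."""
    servers = {}
    for line in config.splitlines():
        tokens = shlex.split(line)
        if tokens[:3] != PREFIX or len(tokens) < 5:
            continue
        server, option = tokens[3], tokens[4]
        # Flags such as single-connection carry no value.
        servers.setdefault(server, {})[option] = tokens[5] if len(tokens) > 5 else True
    return servers


def migrate(config, old_ip, new_ip):
    """Return (commands, nad_ip) for moving one server entry to new_ip."""
    opts = parse_tacplus(config).get(old_ip)
    if opts is None:
        raise ValueError(f"no tacplus-server {old_ip} in config")
    missing = {"secret", "source-address"} - opts.keys()
    if missing:
        raise ValueError(f"{old_ip} lacks: {sorted(missing)}")
    cmds = [f"delete system tacplus-server {old_ip}"]
    for option, value in opts.items():
        if option == "secret":
            # Emit a marker so the secret is typed to match the NAD entry.
            value = f'"{SECRET_PLACEHOLDER}"'
        stmt = f"set system tacplus-server {new_ip} {option}"
        cmds.append(stmt if value is True else f"{stmt} {value}")
    # The switch sources TACACS+ from this address, so the NAD is defined with it.
    return cmds, opts["source-address"]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the ISE node.
    commands, nad_ip = migrate(CURRENT_CONFIG, "192.168.1.163", "192.0.2.10")
    print("\n".join(commands), f"\n# ISE NAD IP: {nad_ip}")
```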