Hello Balaji

Tahnks but This is not that i am looking for. I am looking to apply diferent tacacs command set, if the device is huawei or cisco.

I have read this

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html#concept_B395883FDC044AF79B042C2284D900F1

But i dont know how to start ...

When you create your NADs, assign each to a device group. Then create your TACACs policy sets with device group as the top level condition / selector. Then, within a given policy set, include your custom command sets etc. for that type of device.

Don't worry about the "profile" when creating the NAD if you are just using it for Device Admin. That profile is more to describe device capabilities for Authorization results for network access policy sets - not for device admin.

@Marvin Rhoads  Thanks!! Yes i have already created as you described, But i dont need separate device per IP address. Because i only have one loopbak  IP range with cisco and huawei mixed ... This is the problem.

So I need that ISE detect the vendor with (mac address CDP lldp or some way ,  i dont know) and use this condition to apply the correspondent auth policy for commands sets.

True,  i have solved my problem "tricking" with the auth policies. Creating one profile for both vendors Cisco and  Huawei, including both tacacs+ commands sets. thanks por support!