Re: Unique value when setting up TACACS on third-party equipment using

CCC3 · ‎01-18-2024

Through ISE, many third-party equipment
I want to authenticate TACACS.

The important thing is that there is no information about the equipment that is currently in use
The existing ACS is also using the default device.
It will be difficult to know all the equipment because of the large scale.

So, in the end, I think I should set up tacacs using default device

When you configure policy sets, you can use vendor-specific values
I want to give you a tacacs command.

Is there any value in policy sets conditions that can be classified by vendor?

MHM Cisco World · ‎01-18-2024

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215525-use-radius-for-device-administration-wit.html

I follow your post, check this
you need to separate the Juniper in first step when you add it as Network device
MHM

CCC3 · ‎01-18-2024

I set up tacacs
Do you use radius?

And unlike the link you sent me
We will use default device without NAD registration.

MHM Cisco World · ‎01-19-2024

friend TACACS for Admin or for network access ?
MHM

CCC3 · ‎01-19-2024

Let me explain it again

Migrating old acs to ise.

Acs was using it as a default device without nad registration, and as a result, it is difficult to determine the exact vendor or model of the equipment linked to tacacs.

So, when you migrate to "ise"
You have to proceed with default device
As a result, conditions such as device type are not available when conceiving policy sets.

Instead, I was looking for a value that could be distinguished by vendor.

Unique value when setting up TACACS on third-party equipment using ISE