01-18-2024 07:17 PM - edited 01-18-2024 07:18 PM
Through ISE, many third-party equipment
I want to authenticate TACACS.
The important thing is that there is no information about the equipment that is currently in use
The existing ACS is also using the default device.
It will be difficult to know all the equipment because of the large scale.
So, in the end, I think I should set up tacacs using default device
When you configure policy sets, you can use vendor-specific values
I want to give you a tacacs command.
Is there any value in policy sets conditions that can be classified by vendor?
01-18-2024 10:32 PM
I follow your post, check this
you need to separate the Juniper in first step when you add it as Network device
MHM
01-18-2024 11:02 PM - edited 01-18-2024 11:03 PM
I set up tacacs
Do you use radius?
And unlike the link you sent me
We will use default device without NAD registration.
01-19-2024 01:51 AM
friend TACACS for Admin or for network access ?
MHM
01-19-2024 02:18 AM
Let me explain it again
Migrating old acs to ise.
Acs was using it as a default device without nad registration, and as a result, it is difficult to determine the exact vendor or model of the equipment linked to tacacs.
So, when you migrate to "ise"
You have to proceed with default device
As a result, conditions such as device type are not available when conceiving policy sets.
Instead, I was looking for a value that could be distinguished by vendor.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide