10-23-2016 08:10 AM
Hi All
I am using ISE 1.4 for device administration authentication & authorization. So know when network administrator want to connect to switch and router for administration, they are authenticate and authorize by ISE Radius.
My question is how to given authorization based on IP address of network administrator machine. Specify in authorization IP address allow to connect to device for administration. I don' know how or where specify it. Someone can help me please ?
Thanks in advance.
10-24-2016 06:12 AM
I believe you're asking for how to do network device administration via the TACACS+ protocol.
TACACS+ is supported in ISE 2.0 and later: ISE 2.0 Release
We have many ISE How-To Guides available that tell you how to do it in the regular ISE Community on the ISE Design & Integration Guides page under Device Administration (TACACS+)
11-22-2016 03:59 PM
Hello,
You can create an ACL on your NAD and add this ACL in the line vty configuration section.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide