Showing results for 
Search instead for 
Did you mean: 

Creating TACACS+ Profiles using ERS APIs in Cisco ISE 2.3

I'm trying to define a simple "TACACS Profiles" and/or "TACACS Command Sets" using the ERS API (not via the GUI) in a Cisco ISE deployment. Although the API posts the required information, I do not see any profiles being defined in the ISE GUI. Steps that I have taken are as follows:


1. Enabled the ERS Read/Write from Administration -> Settings -> ERS Settings

2. Created ERS Admin user from Administration -> Admin Access  -> Administrators -> Admin Users (click add and then created the ersadmin user with Admin Groups being ERS Admin)

3. Login to https://cisco-ise-host-IP:9060/ers/sdk#_ using the ersadmin credentials

4. Following the API documentation to create a authorisation profile, in particular, the TACACS profile as stated before.

5. From a Linux terminal, I am using curl to POST the TACACS Profile/Command Set configuration (saved in as JSON format)


Although, I have worked out various intermediate steps to do the above step 5 successfully, the added profile is not reflected in the GUI. The API documentation doesn't not specifically mention about TACACS authorisation profiles and hence I'm not sure if this is actually possible, that is, to add a TACACS profile via the API.


Any help would be highly appreciated

Everyone's tags (4)