Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5916
Views
0
Helpful
3
Replies

ISE Radius device administration authentication possible?

Go to solution
joerg
Level 1
Level 1

‎10-09-2012 11:55 PM - edited ‎03-10-2019 07:39 PM

Hi,

does anybody know if Radius device administration authentication and authorization is possible with the actual ISE release? I know that TACACS will be available in future release.           

Regards

Joerg

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎10-11-2012 12:12 AM

Yes it's possible according to "Ask the experts" forum :

--------------------------

https://supportforums.cisco.com/thread/2172532

"If you use RADIUS for device administration, ISE can be utilized using authorization policy elements that return Cisco av-pairs.  But personally, I think ACS is currently superior to ISE for this task."

--------------------------

Anyway, I'm about to test "device admin" and "network access" simultaneously in the same switch with Radius and ISE.

Please rate if it helps

View solution in original post

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to joerg

‎10-12-2012 08:49 AM

Yes you can use radius even in the ACS days for device administration, however command authorization is not a feature that works efficiently with radius.

If you are using IOS devices your authorization policy should send back the "cisco-av-pair=priv-lvl=15". Please consult the product documentaiton for a radius authentication and the radius av pair should be present in most guides. I know you can do this with IOS, NX_OS, WLC devce to name a few.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎10-11-2012 12:12 AM

Yes it's possible according to "Ask the experts" forum :

--------------------------

https://supportforums.cisco.com/thread/2172532

"If you use RADIUS for device administration, ISE can be utilized using authorization policy elements that return Cisco av-pairs.  But personally, I think ACS is currently superior to ISE for this task."

--------------------------

Anyway, I'm about to test "device admin" and "network access" simultaneously in the same switch with Radius and ISE.

Please rate if it helps

0 Helpful

Go to solution
joerg
Level 1
Level 1
In response to Eduardo Aliaga

‎10-12-2012 01:01 AM

Hi,

thanks for your feedback.

Please post the results of your tests when have done them.

Regards

Joerg

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to joerg

‎10-12-2012 08:49 AM

Yes you can use radius even in the ACS days for device administration, however command authorization is not a feature that works efficiently with radius.

If you are using IOS devices your authorization policy should send back the "cisco-av-pair=priv-lvl=15". Please consult the product documentaiton for a radius authentication and the radius av pair should be present in most guides. I know you can do this with IOS, NX_OS, WLC devce to name a few.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Customers Also Viewed These Support Documents