11-23-2020 09:56 AM
Hi, I am need to implement Dot1X and use Tacacs+ at the same time with a single machine ISE (version 2.7).
Dot1x may need Radius, so it is possible for ISE to act as both Radius and Tacacs+ server with the same IP address? (highlighted in red below)
Sample partial configuration of my switch:
aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius local // or can I change the keyword "radius" to "tacacs+" instead ?
!
dot1x system-auth-control
dot1x critical eapol
!
tacacs-server host 10.10.10.1 key 7 xxxxxxxxxx
radius-server host 10.10.10.1 key 7 xxxxxxxxxx
Thanks !
Desmond