08-17-2018 04:35 AM - edited 03-08-2019 03:55 PM
Hi, we are trying to integrate a Cisco 3650 switch (WS-C3650-24TD-S) with a TACACS ISE server for SSH, Telnet, HTTP & console access.
Switch Model: WS-C3650-24TD-S
IOS: Denali 16.3.6
Could you please share any reference document for the same?
Regards
ASAMED
08-17-2018 05:43 AM
Have a look at these.
How To: ISE TACACS+ Configuration for IOS Network Devices -
How To: ISE TACACS+ Configuration for Cisco NX-OS Network Devices -
Please rate helpful posts / solutions :)
08-24-2018 05:37 AM
Hi omc79,
Thanks for the valuable reference documents.
Yesterday we successfully configured TACACS+ authentication on the Cisco 3650 (config commands below).
tacacs server ISE-01
 address ipv4 192.168.100.1
 key 7 21305A00457A080457
tacacs server ISE-02
 address ipv4 192.168.100.2
 key 7 243B480925ACB85
! For authentication the 1st server (ISE-01) is used; if it is not reachable, the 2nd server (ISE-02) is used; if both are not reachable, local authentication is used.
aaa authentication login ISE group tacacs+ local
line vty 0 4
 ! The named authentication list configured above is used
 login authentication ISE
Could you please help me to clarify the following?
1. Local users are not able to log in via Telnet/SSH. As per my understanding, all Telnet or SSH user authentication is done with the TACACS server (if the server is reachable, the switch local database is not checked for authentication); if the TACACS server is not reachable, users are authenticated against the switch local database. Am I correct?
2. We need to configure authorization (please help me to verify whether the commands below are correct or not).
aaa authorization config-commands
! Authorization named list
aaa authorization exec ISE group tacacs+ local
! For privilege 1
aaa authorization commands 1 ISE group tacacs+ local
! For privilege 15
aaa authorization commands 15 ISE group tacacs+ local
line vty 0 4
 ! The authorization lists configured above are assigned on the VTY
 authorization commands 1 ISE
 authorization commands 15 ISE
 authorization exec ISE
3. We need to configure accounting (please help me to verify whether the commands below are correct or not).
! Accounting for exec
aaa accounting exec default start-stop group tacacs+
! Accounting for privilege 1
aaa accounting commands 1 default start-stop group tacacs+
! Accounting for privilege 15
aaa accounting commands 15 default start-stop group tacacs+
Do we need to assign accounting under line vty?
Any clarification will be very much appreciated.
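Added example, not part of the thread and not Cisco tooling: a Python check over an IOS config for named AAA method lists that are defined but never applied to a line, lines that reference a list that is not defined, and authentication/authorization lists with no `local` fallback. It assumes running-config layout (line sub-commands indented by one space); the sample config is constructed from the commands quoted above, with a hypothetical list name `OPS` added to trigger a finding.

```python
import re

# Constructed sample in running-config layout, modelled on the commands quoted in the thread.
# "OPS" is a hypothetical list name used only to trigger the "undefined" finding.
SAMPLE = """\
aaa new-model
aaa authentication login ISE group tacacs+ local
aaa authorization config-commands
aaa authorization exec ISE group tacacs+ local
aaa authorization commands 1 ISE group tacacs+ local
aaa authorization commands 15 ISE group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line con 0
line vty 0 4
 login authentication ISE
 authorization exec ISE
 authorization commands 15 ISE
 authorization commands 7 OPS
"""

SVC = r"(authentication login|authorization exec|authorization commands \d+|accounting exec|accounting commands \d+)"
DEFINE = re.compile(rf"^aaa {SVC} (\S+) (.+)$")  # global method-list definition
APPLY = re.compile(r"^ (login authentication|(?:authorization|accounting) (?:exec|commands \d+)) (\S+)$")

def audit(config):
    """Cross-check method-list definitions against their use under 'line' blocks."""
    defined, applied, line = {}, [], None
    for raw in config.splitlines():
        m = DEFINE.match(raw)
        if m:
            defined[(m.group(1), m.group(2))] = m.group(3)
        elif raw.startswith("line "):
            line = raw.strip()
        elif line and (a := APPLY.match(raw)):
            # The line-level keyword order differs for login authentication; normalise it.
            svc = "authentication login" if a.group(1) == "login authentication" else a.group(1)
            applied.append((line, svc, a.group(2)))
        elif not raw.startswith(" "):
            line = None  # left the line block
    used = {(svc, name) for _, svc, name in applied}
    return {
        # A list named "default" applies to every line without being referenced; named lists do not.
        "undefined": [a for a in applied if (a[1], a[2]) not in defined],
        "unapplied": sorted(k for k in defined if k[1] != "default" and k not in used),
        "no_local_fallback": sorted(k for k, methods in defined.items()
                                    if k[0].startswith("auth") and "local" not in methods.split()),
    }
```

On the sample, `audit(SAMPLE)` reports the privilege-1 authorization list `ISE` as unapplied and the `OPS` reference on `line vty 0 4` as undefined.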