04-12-2022 11:08 PM
Hello Team,
My wireless user authentication happens on Cisco ISE, but here the client is recommending one setup over the ISE where RADIUS and TACACS can get only Level 5.
Can anyone help me with how to do this for both RADIUS and TACACS?
Thanks
Manish Jain
04-12-2022 11:31 PM - edited 04-12-2022 11:31 PM
Can anyone help me with how to do this for both RADIUS and TACACS
Can you explain, in your own way, how you are looking to set up RADIUS and TACACS?
TACACS is used for device authentication.
RADIUS is used for user authentication for 802.1x.
Which one is working and which one is not working?
04-12-2022 11:44 PM
All are working fine; there is no issue with device authentication and user authentication.
But I want ISE to check both and assign Level 5 only for user authentication and device authentication.
04-13-2022 12:03 AM
But I want ISE to check both and assign Level 5 only for user authentication and device authentication.
Not sure what the requirement is here. You need to match the user profile based on the groups and the level of access to give.
04-13-2022 02:12 AM
When a user logs in to a device (router/switch etc.) they can log in using TACACS or RADIUS; it depends on how your device is configured, whether your AAA server supports TACACS, whether you have the right license, etc.
As part of authorization you can assign them a certain privilege level (5 in your case), but you still need to understand from your client what 5 means for them. With each privilege level you can associate a set of commands, and a user who logs in to the device with that privilege level can only execute those commands.
Based on that information you can build the authorization policy.
See this as an example for TACACS.
Hope this helps.
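A device-side sketch of the privilege-level approach described in the reply above, added here as an illustration and not taken from the thread or from any poster's configuration. The server name, group name, address (documentation range), key placeholder and the two commands moved to level 5 are all assumptions; which commands belong at level 5 is the client's decision.

```cisco
! Added example (Cisco IOS). All names, the address and the key are placeholders.
aaa new-model
!
! AAA server definition: ISE acting as the TACACS+ server (assumed address).
tacacs server ISE-EXAMPLE
 address ipv4 192.0.2.10
 key <shared-secret-placeholder>
!
aaa group server tacacs+ ISE-TACACS
 server name ISE-EXAMPLE
!
! Authenticate logins against ISE, fall back to local accounts if ISE is unreachable.
aaa authentication login default group ISE-TACACS local
!
! Exec authorization: the device accepts the privilege level the server returns.
! On the ISE side the TACACS+ shell profile would return priv-lvl=5 for the
! matching user group.
aaa authorization exec default group ISE-TACACS local
!
! Per-command authorization for level 5: each command typed at level 5 is sent
! to the server and checked against the command set bound to the policy.
aaa authorization commands 5 default group ISE-TACACS local
!
! Local definition of what level 5 contains (assumed examples). Commands left
! at level 15 stay unavailable to a level 5 session.
privilege exec level 5 clear counters
privilege exec level 5 show startup-config
!
! RADIUS alternative for device login: the server returns the Cisco AV pair
!   cisco-av-pair = shell:priv-lvl=5
! in the Access-Accept. RADIUS has no per-command authorization, so with
! RADIUS only the local "privilege exec level 5 ..." lines above decide what a
! level 5 user can run.
```

After logging in with a test account, `show privilege` on the device confirms the level that was actually assigned.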