TACACS+ is an authentication protocol used to validate users who access and manage network devices. It is widely used as part of network security applications. For more information about the TACACS+ protocol, we leave the detailed explanation to the owner of the protocol, on this link. This document describes the required actions on both Verge switches and Cisco ISE. This is a tested configuration for basic usage. The configuration on the ISE side can be improved, but this is out of our scope here.

Configuration

Verge Configuration

All Angora edge switches running a version greater than 4.0 support TACACS+. The exact same configuration provided below is applicable to all models and software versions (including stacked device groups).

To configure TACACS+ authentication, you basically need to define the TACACS+ server (which, in this document's case, is a Cisco ISE) and tell the device to check user validity with this server. You can configure more than one server and prioritize them to send the requests. Here, we are using only a single server for quick and easy setup. You can check the TACACS+ commands and all default values in the TACACS+ command line documentation, located on this link.

This command informs the switch to use the TACACS+ server first for user authentication.

(config)#aaa authentication login authorization default tacacs local

Only if the TACACS+ server is unreachable (not when it rejects the user information) can the local users be used to access the device.

This command is used to allow users to change their privilege level by entering the "enable" command.

(config)#aaa authentication enable authorization default tacacs

If you do not add this line, any user who knows the local enable password can change their privilege level to 15.

You need to add the same key (here it is set to angora) on both the switch and the TACACS+ server side.

(config)#tacacs-server host 192.168.1.15 key angora

Optionally, you can specify which interface address is used to send TACACS+ requests.

(config)#tacacs-server host source-interface vlan 1

It is a good idea to set this address, as you must enter it as the network device address on the TACACS+ server side.

These are all the configuration items you need on the Verge switch side.

Cisco Identity Services Engine (ISE) Configuration

Cisco ISE is used to give users and devices secure access to network resources. It is basically a RADIUS server, providing 802.1X services, with enhanced features such as profiling.
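A way to check a saved switch configuration for the four switch-side lines on this page, in particular the enable line whose absence leaves privilege level 15 protected only by the local enable password. This is an added example, not code from the original document or from the vendor; it assumes the saved configuration shows the lines as they are typed here, and the function names and finding ids are hypothetical.

```python
import re

PROMPT = re.compile(r"^\s*\(config\)#\s*")  # prompt as printed on this page

def parse(config_text):
    """Return non-empty config lines with any '(config)#' prompt stripped."""
    return [PROMPT.sub("", ln).strip() for ln in config_text.splitlines() if ln.strip()]

def methods(lines, kind):
    """Method list of 'aaa authentication <kind> authorization default', or None."""
    prefix = f"aaa authentication {kind} authorization default "
    for ln in lines:
        if ln.startswith(prefix):
            return ln[len(prefix):].split()
    return None

def audit(config_text):
    """Return (finding_id, explanation) pairs; an empty list means nothing is missing."""
    lines = parse(config_text)
    findings = []
    if not any(re.fullmatch(r"tacacs-server host \S+ key \S+", ln) for ln in lines):
        findings.append(("no-server", "no TACACS+ server and shared key defined"))
    if not any(ln.startswith("tacacs-server host source-interface ") for ln in lines):
        findings.append(("no-source-interface",
                         "source address not set; it must match the device address on the server"))
    risks = {"login": "logins are not validated by the TACACS+ server",
             "enable": "the local enable password alone grants privilege level 15"}
    for kind, risk in risks.items():
        m = methods(lines, kind)
        if m is None:
            findings.append((f"{kind}-missing", risk))
        elif m[0] != "tacacs":
            findings.append((f"{kind}-order", f"tacacs is not the first {kind} method"))
    return findings

# Constructed sample: the page's commands with the enable and source-interface lines left out.
SAMPLE = """\
(config)#tacacs-server host 192.168.1.15 key angora
(config)#aaa authentication login authorization default tacacs local
"""

if __name__ == "__main__":
    for finding_id, text in audit(SAMPLE):
        print(f"{finding_id}: {text}")
```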