How To's - Deploy Cisco ISE 2.7 for Device Administration on NX-OS
Hi there, as I mentioned in the previous post, in this one we're going to see how to manage NX-OS switches using ISE 2.7.
We'll start by adding the switch on ISE by going to Administration > Network Resources > Network Devices > Add.
We'll then add two TACACS profiles for Admins and Operators by going to Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles > Add.
Next we'll change the Shell Profiles in Work Centers > Device Administration > Device Admin Policy Sets > Switch Management > Authorization Rule.
Now let's jump over to the switch and configure authentication, authorization, and accounting (AAA):
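feature tacacs+
! Shared secret for this lab; it must match the key set for the switch in ISE
tacacs-server host 192.168.234.23 key admin1234 timeout 5
aaa group server tacacs+ TACACS_SERVERS
  server 192.168.234.23
  deadtime 5
  use-vrf management
  source-interface mgmt0
  exit
! Remote logins are authenticated by ISE; the console stays on local accounts
aaa authentication login ascii-authentication
aaa authentication login default group TACACS_SERVERS
aaa authentication login console local
!
! Command authorization is sent to ISE, with local as the fallback method
aaa authorization config-commands default group TACACS_SERVERS local
aaa authorization commands default group TACACS_SERVERS local
!
! Accounting records are sent to ISE
aaa accounting default group TACACS_SERVERS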
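As an added example (not part of the original post and not Cisco tooling), this Python check reads a saved copy of the AAA configuration above and reports a cleartext shared key, group members with no matching `tacacs-server host`, AAA lines that point at an undefined group, authorization lines without the `local` fallback used here, and missing accounting. The function name `audit` and the finding labels are assumptions made for the example.

```python
import re

# The AAA configuration from this post, embedded so the check runs offline.
SAMPLE = """\
feature tacacs+
tacacs-server host 192.168.234.23 key admin1234 timeout 5
aaa group server tacacs+ TACACS_SERVERS
  server 192.168.234.23
  deadtime 5
  use-vrf management
aaa authentication login default group TACACS_SERVERS
aaa authentication login console local
aaa authorization config-commands default group TACACS_SERVERS local
aaa authorization commands default group TACACS_SERVERS local
aaa accounting default group TACACS_SERVERS
"""
SUBMODE = {"server", "deadtime", "use-vrf", "source-interface"}
AAA_RE = re.compile(r"aaa (authentication|authorization|accounting) .*?\bgroup (\S+)(.*)")

def audit(config):
    """Return sorted findings for an NX-OS TACACS+/AAA configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    hosts, groups, current, findings = {}, {}, None, set()
    for line in lines:
        words = line.split()
        if words[:4] == ["aaa", "group", "server", "tacacs+"]:
            current = groups.setdefault(words[4], [])   # enter group sub-mode
        elif current is not None and words[0] in SUBMODE:
            if words[0] == "server":
                current.append(words[1])
        else:
            current = None                              # back at global level
            if words[:2] == ["tacacs-server", "host"]:
                hosts[words[2]] = words[3:]
    for host, opts in hosts.items():
        # "key <secret>" or "key 0 <secret>" is cleartext; 6 and 7 are encoded.
        if "key" in opts and opts[opts.index("key") + 1] not in ("6", "7"):
            findings.add(f"cleartext-key:{host}")
    for group, members in groups.items():
        findings.update(f"undeclared-server:{group}:{m}" for m in members if m not in hosts)
    for kind, group, rest in (m.groups() for m in map(AAA_RE.match, lines) if m):
        if group not in groups:
            findings.add(f"undefined-group:{group}")
        if kind == "authorization" and "local" not in rest.split():
            findings.add(f"no-local-fallback:{group}")
    if not any(l.startswith("aaa accounting") for l in lines):
        findings.add("no-accounting")
    return sorted(findings)
```

Run against the configuration in this post, the only finding is the cleartext key on the `tacacs-server host` line.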
Now let's test the access with both users.
And we have deployed ISE 2.7 for managing Nexus Switches.
I hope you enjoyed this post, leave your comments below and I'll see you on the next one.
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html
3 years ago: Nice, thank you for sharing.