Hi, please let me know whether we need to configure anything on the switch port that ISE is connected to.
How did you use the group name "GROUP1" in the switch configuration? Is it defined/configured somewhere in the ISE options? Can you please give a hint on this part?
You can use any group name, it's up to you! It is not related to ISE.
The only information the switch is going to forward to ISE is the user/password.
The group name is only for you to identify your server group, which might contain more than one TACACS server for failover. Just make sure to use the correct group name under the AAA lines.
Any questions, just let me know.
@harviarias Thanks a lot.
Hi, you forgot to mention the line vty configuration. Thanks.
Hello, thanks! In this case I'm using "aaa authentication login default", meaning this applies to all lines by default (vty, console, aux), so there's no need for VTY configuration! If you change default to any other keyword you want, for example "AAA-GROUP", then you will need to specify it under the vty or any other line using the command "login authentication AAA-GROUP"; the same applies to authorization as well. I did not mention this in the video, but I'll add a note. Thanks for the feedback.
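Added example (not from the video or from the commenters): a small Python check over a constructed IOS config fragment that tests the two points made in the replies above, that every server group named in an "aaa authentication login" list is actually defined, and that every "login authentication" under a line refers to a defined method list. The function name `audit`, the sample config and the names ISE-1, GROUP2 and MGMT are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the video). GROUP1 is defined, the named
# list AAA-GROUP points at a mistyped group, and vty 5-15 uses an undefined list.
SAMPLE = """\
aaa new-model
aaa group server tacacs+ GROUP1
 server name ISE-1
aaa authentication login default group GROUP1 local
aaa authentication login AAA-GROUP group GROUP2 local
line con 0
line vty 0 4
 login authentication AAA-GROUP
line vty 5 15
 login authentication MGMT
"""

# Predefined 'group' keywords that need no 'aaa group server' definition.
BUILTIN_GROUPS = {"tacacs+", "radius", "ldap"}

def audit(config):
    """Return ({line: login method list in effect}, [findings])."""
    groups, lists, lines, findings = set(), {}, {}, []
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            current = None  # any top-level command ends a line block
        if m := re.match(r"aaa group server tacacs\+ (\S+)", text):
            groups.add(m.group(1))
        elif m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = re.findall(r"\bgroup (\S+)", m.group(2))
        elif text.startswith("line ") and not raw.startswith(" "):
            current = text
            lines[current] = "default"  # no override means the default list
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current] = m.group(1)
    for name, refs in lists.items():
        for group in refs:
            if group not in groups and group not in BUILTIN_GROUPS:
                findings.append(f"list {name}: server group {group} is not defined")
    for line, name in lines.items():
        if name not in lists:
            findings.append(f"{line}: method list {name} is not defined")
    return lines, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
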
Can we have nested AD groups in TACACS? For example User1 is a part of Group1 and Group1 is a part of Group2. Can User1 get permissions of both Group1 and Group2?
Thanks a lot for sharing this video.
I'm guessing you will need a TACACS license on Cisco ISE?
Yes! You can install ISE and you get a free license for 90 days; when it expires, just re-install ISE and you get another 90 days.
@harviarias I'm a bit late to respond. But yes, that's def' an option. It appears that after 6.4 TACACS is a paid service; before that, game on...